We are going to deploy Splunk in our organizations, but before deployment there are some questions.
1) If we install the Splunk agent on Microsoft Windows Server 2003/2008 domain controllers, DHCP servers, DNS servers, application servers and database servers, what will be the performance issue?
2) What types of privileges are required to install the Splunk agent on all the above servers (domain admin or service account, etc.)?
3) If any issue appears, what will be the rollback plan?
4) What about technical support?
5) Knowledge base / lessons learnt / awareness from previous customers.
6) We already have Bit9 and MANDIANT residing in the DCs and in production; please explore the possibilities of possible impact due to existing agents, etc.
Splunk doesn't employ an agent.
What you are looking for is information on the Splunk Universal Forwarder, an unobtrusive "listening" service that forwards data to the indexer, or a Splunk Heavy Forwarder, which has more features and functions, including the ability to index locally, and therefore requires a bit more resource.
Your questions regarding credentials are answered there.
You may also want to read the prior sections which discuss the concept of forwarding in general.
Technical Support is available as part of your Enterprise License. You should confirm with your Sales Account Manager as to whether that is included in your license agreement.
In general, performance issues are considered minimal; however, benchmarking is recommended so that you understand how much data you are going to be Splunking (what event types exactly? what is the volume on that particular server? will you include performance counters also?) and you will be best prepared to calculate the impact.
With Splunk... the answer is always "YES!". It just might require more regex than you're prepared for!