Other Usage

I have a question about the architecture of the website home lab.

informations4
New Member

Dear Sir/Madam,
With someone retiring, I can advance from being a Splunk Enterprise Certified Administrator to becoming a Splunk Architect. To gain experience and practice, I would like to set up a home lab to take the Splunk Architect courses.

I want to set up a virtual Home Lab with a Splunk distributed search environment, an indexer cluster, and a deployment server to deploy all the apps to the forwarders. Should I spin up how many Ubuntu Server VMs in Hyper-V? One search head, two indexers (right? ), a deployment server, a management node, and an HF for practice. Six VMs in total? Is that too few? or too many? Depending on how many Splunk roles each VM can play, I'm still determining. Online, this information is hard to find.

I'm only going to ingest a few data sources for practice.



0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @informations4,

in my opinion, in general, you should have:

  • an Indexer Cluster with two Indexers and a Master Node,
  • eventually (better!) a Search Head Cluster, with three Search Heads and a Deployer, only for lab, you could put the Deployer on the same server of Master Node, if you don't want a Search Head Cluster, you can use one Search Head,
  • a Deployment Server, only for lab, you could put it on the same server of Master Node,
  • une or two Universal Forwarders (possibly one Linux and one Windows),
  • then you should configure one of the servers to send syslogs to the Linux Universal Forwarder.

I configured my lab with six VMs and I used my laptop as client to manage using the DS.

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...