Solved: ES 6.4 Fresh Install

mikefg · ‎12-11-2020

I am working on a fresh install of ES 6.4. I already have a Splunk Ent environment with an indexer tier, apps, single search head, etc. ES has been installed on a standalone search head, but not configured. I have configured ES before, but it was a few versions and a few years back.

What are some good resources to get ES configured besides the install docs?

Since I already have a Splunk environment with forwarders, add-ons, etc. it looks like my next step might be 'Create the Splunk_TA_ForIndexers and manage deployment manually'. If I go to this step am I skipping something I shouldn't skip?
https://docs.splunk.com/Documentation/ES/6.4.0/Install/InstallTechnologyAdd-ons

richgalloway · ‎12-11-2020

You may want to send those configurations separately, especially in a indexer cluster.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎12-11-2020

Follow all of the steps in that document (except those pertaining to search head clusters) and you should be fine.

---
If this reply helps you, Karma would be appreciated.

mikefg · ‎12-11-2020

This helps. One question on the TA For Indexers. Why are these two settings optional when downloading the package?

Include index time properties
Include index definitions

richgalloway · ‎12-11-2020

You may want to send those configurations separately, especially in a indexer cluster.

---
If this reply helps you, Karma would be appreciated.

ES 6.4 Fresh Install

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!