Splunk Enterprise Security

Does Splunk App for Enterprise Security support multi-site cluster architecture?

rgaleone1
Path Finder

Splunk documentation for the Enterprise Security App lists support for single-site cluster architectures. I am planning a large ES installation across multiple geographical locations and wanted to know if the ES app (latest version) was able to support a multi-site cluster architecture.

Source: Splunk Enterprise Security App Installation and Configuration Manual

ekost
Splunk Employee

The Enterprise Security app Deployment planning topic on Clustering has been updated to show support for multisite clustering. Please note that a single-site or multi-site cluster architecture can have one search head or search head pool with a running instance of the Splunk App for Enterprise Security. Any other search heads cannot run the Enterprise Security app.

Thanks!

mahamed_splunk
Splunk Employee

ES 3.1.0 has been certified to run on multisite clustering. Filed a request to update the docs.
