Splunk Enterprise Security

Does Splunk App for Enterprise Security support multi-site cluster architecture?

rgaleone1
Path Finder

Splunk documentation for the Enterprise Security App lists support for single-site cluster architectures. I am planning a large ES installation across multiple geographical locations and wanted to know if the ES app (latest version) was able to support a multi-site cluster architecture.

Source: Splunk Enterprise Security App Installation and Configuration Manual

ekost
Splunk Employee
Splunk Employee

The Enterprise Security app Deployment planning topic on Clustering has been updated to show support for multisite clustering. Please note that a single-site or multi-site cluster architecture can have one search head or search head pool with a running instance of the Splunk App for Enterprise Security. Any other search heads cannot run the Enterprise Security app.

Thanks!

mahamed_splunk
Splunk Employee
Splunk Employee

ES 3.1.0 has been certified to run on multisite clustering. Filed a request to update the docs.

Get Updates on the Splunk Community!

Buttercup Games: Further Dashboarding Techniques

Hello! We are excited to kick off a new series of blogs from SplunkTrust member ITWhisperer, who demonstrates ...

Message Parsing in SOCK

Introduction This blog post is part of an ongoing series on SOCK enablement. In this blog post, I will write ...

Exploring the OpenTelemetry Collector’s Kubernetes annotation-based discovery

We’ve already explored a few topics around observability in a Kubernetes environment -- Common Failures in a ...