Splunk Enterprise Security

Splunk App for Enterprise Security Installation?

himapate
Explorer

Hi,

I am planning to install ES in my environment.
I have 3 indexers, 1 master node, 1 deployment server.
Currently I have 1 search head. Going through various docs, I noticed that I need to install ES on a separate SH and it doesn't fit well with SH clustering.
So is it possible to deploy 1 search head with only ES and its add-ons, and another search head with all the other apps?
How can it be done?

Thanks

0 Karma
1 Solution

ryanoconnor
Builder

It's definitely possible and recommended.

  1. You'll install two different search heads with Splunk Enterprise on them.
  2. You'll connect each search head to utilize your indexers as search peers.
  3. You'll install ES on one search head.
  4. You'll utilize the second search head to do any other searching and reporting.

Let me know if you have any questions.


0 Karma

splunk_force_as
Path Finder

Yes, very possible. You are able to deploy two search heads, make the indexers search peers to both search heads so that they will be searching over the same data, deploy Enterprise Security to one search head, deploy all other non-ES related apps to the other, and ensure that you have the proper users and roles set up.

0 Karma
