Splunk Enterprise Security
Highlighted

Splunk App for Enterprise Security Installation?

Explorer

Hi ,

I am planning to install ES in my environment.
I have 3 indexer, 1 master node, 1 deployment server.
Currently having 1 search head. Going through various Docs noticed that i need to install ES on a separate SH and it doesn't fit well with SH Clustering.
So is it possible to deploy 1 search head with ES only and its add on and other search head with all the apps?
How can it be done ?

Thanks

0 Karma
Highlighted

Re: Splunk App for Enterprise Security Installation?

Builder

It's definitely possible and recommended.

  1. You'll install two different search heads with Splunk Enterprise on them.
  2. You'll connect each Search Head you utilize your indexers as search peers.
  3. You'll install ES on one search head
  4. You'll utilize the second search head to do any other searching and reporting.

Let me know if you have any questions.

View solution in original post

0 Karma
Highlighted

Re: Splunk App for Enterprise Security Installation?

Path Finder

Yes, very possible. You are able to deploy two search heads, make the indexers search peers to both search heads so that they will be searching over the same data, deploy Enterprise Security to one search head, deploy all other non-ES related apps to the other and ensure that you have the proper users and roles setup.

0 Karma