Splunk Enterprise Security

Splunk Enterprise Distributed Deployment Guide RHEL 7

New Member


I have inherited a Splunk Enterprise deployment with a mixed OS (Windows/Linux) environment. We are in the process of converting this to a full linux instance and want to leave the Hybrid instance behind. Could someone provide me a link to a step-by-step configuration process for setting up the following:

  1. A Search Head Cluster (3 search heads)

  2. Indexer Cluster (5 indexers). - NOTE: This is already functioning in the old instance, so I believe I can figure this one out. However, I just want to ensure this is done right.

  3. Deployer/Cluster Master

We already have a Deployment server in place and 4 Heavy forwarders. My biggest concern is setting up the search head cluster since we do not currently have this implemented. Any help will be greatly appreciated.


0 Karma

Super Champion

this is a big task.. maybe, you need to this step by step.. and when you are stuck at a particular step, you can ask that issue, so that we can reply..

0 Karma

0 Karma

0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!