Splunk Enterprise Security

Splunk Enterprise Distributed Deployment Guide RHEL 7

grantk87
New Member

Hello,

I have inherited a Splunk Enterprise deployment with a mixed OS (Windows/Linux) environment. We are in the process of converting this to a full linux instance and want to leave the Hybrid instance behind. Could someone provide me a link to a step-by-step configuration process for setting up the following:

  1. A Search Head Cluster (3 search heads)

  2. Indexer Cluster (5 indexers). - NOTE: This is already functioning in the old instance, so I believe I can figure this one out. However, I just want to ensure this is done right.

  3. Deployer/Cluster Master

We already have a Deployment server in place and 4 Heavy forwarders. My biggest concern is setting up the search head cluster since we do not currently have this implemented. Any help will be greatly appreciated.

Thanks
grantk1987

0 Karma

inventsekar
Super Champion

this is a big task.. maybe, you need to this step by step.. and when you are stuck at a particular step, you can ask that issue, so that we can reply..

0 Karma

gjanders
SplunkTrust
SplunkTrust

Inherit a Splunk Enterprise Deployment

Alerts for Splunk Admins https://splunkbase.splunk.com/app/3796/
Version Control for Splunk https://splunkbase.splunk.com/app/4355/
0 Karma

codebuilder
Influencer

https://docs.splunk.com/Documentation/Splunk/7.3.0/DistSearch/SHCdeploymentoverview

----
An upvote would be appreciated and Accept Solution if it helps!
0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.