Splunk Enterprise

A question about installing and configuring Splunk Enterprise on Windows Server before starting to ingest data

jkamdar
Path Finder

I just installed Splunk Enterprise on Windows Server 2022. I am able to access the web GUI.

At this point, do I need to make any changes to server.conf, inputs.conf?

Also, below are the steps I am thinking of before I install UF on clients.

  • Configure LDAP and other parameters
  • Create users (Admin and other users) 
  • Identify data ingestion disk partition 
  • Enable Data receiving  
  • Create indexes  

Am I missing anything before I install UF and start sending data to the indexer? I have checked the document site but haven't found anything specific about the initial configuration; maybe I am not looking in the right place.

Thanks for your help in advance. 

 


jkamdar
Path Finder

Thanks for your response @isoutamo and @PickleRick, and I totally agree, there is more to Splunk deployment than just initial configuration. This is for a small lab (10-15 UFs) and I can't afford to hire help.

For now, I want to compile a list of steps one should do to have an initial configuration ready.

BTW, I read somewhere that FIPS for Splunk is only supported on Linux systems and not on Windows. Is that correct?


isoutamo
SplunkTrust

Hi

As already said, there is a lot of stuff to tweak before you should do it in production, but those depend on what your use case is. With a PoC environment you can start with e.g. this: https://lantern.splunk.com/Splunk_Platform/Getting_Started/Getting_started_with_Splunk_Enterprise?mt...

But for real production I propose that you should hire some Splunk Partner or other person who already knows what needs to be done and how.

t. Ismo


PickleRick
SplunkTrust

As usual, it depends. Right after installation Splunk can be used and often is - for example - in PoC/PoV scenarios where you just want to show the prospective customer what it can do on a quick and dirty setup. But such a setup will probably quickly hit some problems due to not pre-configuring it. But it's not only about configuration as a technical process of setting stuff via GUI/conf files/CLI/REST API but also about planning your environment.
