Splunk Enterprise
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

A question about installing and configuring Splunk Enterprise on Windows server before start ingesting data

jkamdar
Path Finder
‎12-11-2024 12:09 PM

I just installed Splunk Enterprise on Windows Server 2022. I am able to access web gui. 

At this point, do i need make any changes to server.conf, inputs.conf? 

Also, below are the steps I am thinking before I install UF on clients.

  • Configure LDAP and other parameters
  • Create users (Admin and other users) 
  • Identify data ingestion disk partition 
  • Enable Data receiving  
  • Create indexes  

Am I missing anything before I install UF and start sending data to the indexer? I have checked the document site but haven't found anything specific about the initial configuration; maybe I am not looking at the right place. 

Thanks for your help in advance. 

 

Labels (2)
Labels
0 Karma
Reply

jkamdar
Path Finder
‎12-12-2024 06:30 AM

Thanks for your response @isoutamo and @PickleRick and totally agree, there is more to Splunk deployment than just initial configuration. This is for a small lab (10-15 UFs) and can't afford to hire help.

For now, I want compile list of steps one should do to have a initial configuration ready. 

BTW, I read somewhere, FIPS for Splunk is only supported on Linux systems and not on Windows, is that correct?

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎12-11-2024 12:57 PM

Hi

As already said there is a lot of stuff to tweak before you should do it in production, but those are dependent what is your use case. With PoC environment you can start with e.g. this https://lantern.splunk.com/Splunk_Platform/Getting_Started/Getting_started_with_Splunk_Enterprise?mt...

But for real production I propose that you should hire some Splunk Partner or other person who already know what needs to do and how.

t. Ismo

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎12-11-2024 12:44 PM

As usual, it depends. Right after installation Splunk can be used and often is - for example - in PoC/PoV scenarios where you just want to show the prospect customer what it can do on a quick and dirty setup. But such setup will probably quickly hit some problems due to not pre-configuring it. But it's not only about configuration as technical process of setting stuff via gui/conf files/cli/rest api but also about planning your environment.

0 Karma
Reply
Get Updates on the Splunk Community!

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...

New Splunk Innovations Enhance Performance and Accelerate Troubleshooting

Splunk is excited to announce new releases that empower ITOps and engineering teams to stay ahead in ever ...
Top