Splunk Enterprise

A question about installing and configuring Splunk Enterprise on Windows Server before starting to ingest data

jkamdar
Communicator

I just installed Splunk Enterprise on Windows Server 2022. I am able to access the web GUI.

At this point, do I need to make any changes to server.conf or inputs.conf?

Also, below are the steps I am thinking of before I install the UF on clients.

  • Configure LDAP and other parameters
  • Create users (Admin and other users) 
  • Identify data ingestion disk partition 
  • Enable Data receiving  
  • Create indexes  

Am I missing anything before I install the UF and start sending data to the indexer? I have checked the documentation site but haven't found anything specific about the initial configuration; maybe I am not looking in the right place.

Thanks for your help in advance. 

 

0 Karma

jkamdar
Communicator

Thanks for your response, @isoutamo and @PickleRick, and I totally agree, there is more to Splunk deployment than just initial configuration. This is for a small lab (10-15 UFs) and I can't afford to hire help.

For now, I want to compile a list of steps one should do to have an initial configuration ready.

BTW, I read somewhere, FIPS for Splunk is only supported on Linux systems and not on Windows, is that correct?

0 Karma

isoutamo
SplunkTrust

Hi

As already said, there is a lot of stuff to tweak before you should do it in production, but those depend on what your use case is. With a PoC environment you can start with, e.g., this: https://lantern.splunk.com/Splunk_Platform/Getting_Started/Getting_started_with_Splunk_Enterprise?mt...

But for real production I propose that you should hire some Splunk Partner or another person who already knows what needs to be done and how.

t. Ismo

0 Karma

PickleRick
SplunkTrust

As usual, it depends. Right after installation Splunk can be used and often is - for example - in PoC/PoV scenarios where you just want to show the prospective customer what it can do on a quick and dirty setup. But such a setup will probably quickly hit some problems due to not pre-configuring it. But it's not only about configuration as a technical process of setting stuff via GUI/conf files/CLI/REST API but also about planning your environment.

0 Karma