How to configure Splunk as different Instance like...

Ashwini008 · ‎04-01-2021

Hi,

I am setting up Splunk Arcitecture.To start, After installing the tar file how do we configure that tar to act as Heavy Forwader?

what is the configuration file which make it as HF?

Any suggestion or doc please?

michael_wong · ‎04-02-2021

Heavy Forwareder, Search Head,Indexer,license Master, Deployment server, these are different role for splunk, the installation is no different among them. The only difference is how you do the configuration. You can use one instance to play all the role in one server., OR deploy each role in different servers, that depend on the scaling of your deployment.

https://docs.splunk.com/Documentation/Splunk/8.1.3/Deploy/Distributedoverview

Ashwini008 · ‎04-01-2021

What configuration gets created when we run the below command?

splunk enable app SplunkForwarder -auth <username>:<password>

aasabatini · ‎04-02-2021

Hi @Ashwini008

this comand is for the uf.

Please read this documentation to understand the difference from UF to HF.

https://www.splunk.com/en_us/blog/tips-and-tricks/universal-or-heavy-that-is-the-question.html

Karma given or solution confirmation is appreciated

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”

aasabatini · ‎04-01-2021

Hi @Ashwini008 ,

the installation of splunk ROLE is the same, for the HF you need to set up the forwarder license.

Please check the documentation for the roles

https://docs.splunk.com/Documentation/Splunk/8.1.3/Updating/Deploymentserverarchitecture

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”

How to configure Splunk as different Instance like Indexers and Search Head etc

administration

configuration

installation

using Splunk Enterprise

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM