Splunk Enterprise

Is it possible to access Splunk from different Vlan?

Mfmahdi
Explorer

Our Splunk environment is working specific vlan our management want to have to Splunk moved to out of band management or move some management servers of Splunk to different vlan and access the management servers through ssh by using out band management is this can be Done?

Thank you in advance 

Labels (1)
0 Karma
1 Solution

PickleRick
SplunkTrust
SplunkTrust

There are many sides to this question.

Yes, since splunk is "just" a service running on top of your operating system, it can use any IP your OS is set up with.

But.

Depending on complexity of your whole environment, moving Splunk to another IP might introduce some challenges. You have to make sure that our forwarders send their data to the proper address (and are pointed at the proper Deployment Server if you're using one). If you have multiple Splunk components (separate - possibly clustered - indexers, separate - possibly clustered - search heads), they must have consistent configuration and be able to see each other.

So it might be as easy as just reconfiguring your OS and - if there aren't many of them - reconfiguring forwarders by hand or as complicated as going over a complicated multi-layered environment and doing the changes in proper order and making sure that config for the whole setup makes sense.

Also complexity of the operation can differ depending on whether you want it (mostly) online or if you can allow significant downtime.

If you have something bigger than a standalone single-server instance, you might want to (and I strongly suggest you do that) engage your local friendly Splunk Partner.

View solution in original post

0 Karma

PickleRick
SplunkTrust
SplunkTrust

There are many sides to this question.

Yes, since splunk is "just" a service running on top of your operating system, it can use any IP your OS is set up with.

But.

Depending on complexity of your whole environment, moving Splunk to another IP might introduce some challenges. You have to make sure that our forwarders send their data to the proper address (and are pointed at the proper Deployment Server if you're using one). If you have multiple Splunk components (separate - possibly clustered - indexers, separate - possibly clustered - search heads), they must have consistent configuration and be able to see each other.

So it might be as easy as just reconfiguring your OS and - if there aren't many of them - reconfiguring forwarders by hand or as complicated as going over a complicated multi-layered environment and doing the changes in proper order and making sure that config for the whole setup makes sense.

Also complexity of the operation can differ depending on whether you want it (mostly) online or if you can allow significant downtime.

If you have something bigger than a standalone single-server instance, you might want to (and I strongly suggest you do that) engage your local friendly Splunk Partner.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Yes, it can be done.  With the proper network configuration, Splunk can be accessed from anywhere in the world.  All you tell Splunk is the port number to listen on - everything else is up to your network admins.

---
If this reply helps you, Karma would be appreciated.
0 Karma

Mfmahdi
Explorer

tanks a lot 🙂

0 Karma
Get Updates on the Splunk Community!

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

We love our Splunk Community and want you to feel inspired by all your hard work! Eric Fusilero, our VP of ...

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...