Splunk Enterprise

What is the difference between full stack splunk and splunk enterprise?

Shakeer_Spl
Explorer

Hi Folks,

Please note that I am new to Splunk.

I have a question: what is the difference between full stack Splunk and Splunk Enterprise?

I would appreciate your kind support.

0 Karma

Shakeer_Spl
Explorer

Hi gcusello,

 
Thanks for your time. I would like to ask: the Splunk Enterprise version is the Splunk full stack, which is required for configuring Splunk heavy forwarders. That is what I understood from your answer; is it correct? Please let me know.
Thanks for your kind support.


0 Karma

PickleRick
SplunkTrust

It's hard to say what you mean by "full stack".

Splunk as a company has many different products/services. Typically, when talking about "Splunk" as a product, it's implied that we're talking about an environment of Splunk Enterprise or Splunk Free (which is the same Splunk Enterprise binary but with a limited Splunk Free license applied) instance(s) and Splunk Universal Forwarders.

Splunk Enterprise can be configured, depending on the needed role, as indexer, search-head, heavy forwarder, deployment server, shc deployer, cluster manager. But these are all instances of Splunk Enterprise servers.

0 Karma

gcusello
SplunkTrust

Hi @Shakeer_Spl,

Splunk on premise has two main products (there are many others but for this scope two products):

  • Splunk Enterprise:
  • Splunk Universal Forwarder.

The second is a light agent that can be used only to input data and is usually installed on the target servers.

The second is a full stack version of the product that is usually installed on one or more dedicated servers; it can be used for all roles except agent: Indexer, Search Head, Heavy Forwarder, Master Node, License master, Deployer.

What is your requirement?

Ciao.

Giuseppe

0 Karma

gcusello
SplunkTrust

Hi @Shakeer_Spl,

Splunk sells its main solution in two ways:

  • Splunk Cloud,
  • Splunk Enterprise.

Splunk Enterprise is the on-premise version of Splunk Platform, differentiated from Splunk Cloud.

Splunk Enterprise can have many roles, but the same software version is always used, with the only exception of Splunk Universal Forwarder.

When you speak of full stack Splunk, probably you want to differentiate Splunk Heavy Forwarder from Splunk Universal Forwarder, which are two different products and distributions:

  • Splunk Universal Forwarder is an agent: a light version of Splunk (different than Splunk Enterprise), without GUI, used only to ingest logs.
  • Splunk Heavy Forwarder is a full stack Splunk Enterprise version of the product, where some features (e.g. indexing) aren't used because the scope of this role is to take logs and forward them to Indexers.

Ciao.

Giuseppe

0 Karma