Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What is the difference between full stack splunk and splunk enterprise?

Shakeer_Spl
Explorer
‎01-31-2023 02:21 AM

Hi Folks,

Please note that I am new to splunk,

I have a question what is the difference between full stack splunk and splunk enterprise

Would be appreciate your kind support you 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Shakeer_Spl
Explorer
‎01-31-2023 12:59 PM

Hi gcusello,

 
Thanks for your time, i would like to ask you that splunk enterprise version is Splunk full stack which is required to configuring splunk heavy forwarders 
that I understood from your answer is it correct please let me know
Thanks for your kind support

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Shakeer_Spl
Explorer
‎01-31-2023 12:59 PM

Hi gcusello,

 
Thanks for your time, i would like to ask you that splunk enterprise version is Splunk full stack which is required to configuring splunk heavy forwarders 
that I understood from your answer is it correct please let me know
Thanks for your kind support
0 Karma
Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎02-01-2023 02:32 AM

It's hard to say what you mean by "full stack".

Splunk as a company has many different products/services. Typically when talking about "Splunk" as a product it's implied that we're talking about environment of Splunk Enterprise or Splunk Free (which is the same Splunk Enterprise binary but with a limited Splunk Free license applied) instance(s) and Splunk Universal Forwarders

Splunk Enterprise can be configured, depending on the needed role, as indexer, search-head, heavy forwarder, deployment server, shc deployer, cluster manager. But these are all instances of Splunk Enterprise servers.

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎01-31-2023 11:43 PM

Hi @Shakeer_Spl,

Splunk on premise has two main products (there are many others but for this scope two products):

  • Splunk Enterprise:
  • Splunk Universal Forwarder.

The second is a light agent that can be used only to input data and is usually installed on the target servers.

The second is a full stack version of the product that is usually installed on one or more dedicated servers, it  can be used for all roles except agent: Indexer, Search Head, Heavy Forwarder, Master Node, License master, Deployer.

What is your requirement?

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎01-31-2023 04:56 AM

Hi @Shakeer_Spl,

Splunk sells it's main solution in two ways:

  • Splunk Cloud,
  • Splunk Enterprise.

Splunk Enterprise is the on-premise version of Splunk Platform, differentiated by Splunk Cloud.

Splunk Enterprise can have many roles, but it's used always the same software version with the only exception of Splunk Universal Forwarder.

When you speak of full stack Splunk, probably you want to differentiate Splunk Heavy Forwarder from Splunk Universal Forwarder that are two different products and distributions:

  • Splunk Universal Forwarder is an agent: a light versione of Splunk (different than Splunk Enterprise), without GUI, used only to ingest logs.
  • Splunk Heavy Forwarder is a full stack Splunk Enterprise version of the product, where some features (e.g. indexing) aren't used because the scope of this role is take logs and forward them to Indexers.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...