Solved: Splunk Architecture with two IP addresses

rubeniturrieta · ‎10-01-2015

Hi to everyone

It makes sense to have a Splunk Architecture, with machines with two addresses?

For example:

1 Indexer with 1 address for web access, and another address for receive syslog

Another example:

1 indexer with 1 address for web access, and another address for index replication

Thanks in advance

Regards

Yasaswy · ‎10-01-2015

Hi.. As long as you have needed flexibility from Networking and Systems administration side, the above setup can be done. I don't think there would be big performance advantages (assuming your network is overall well managed) by this. However from a process/implementation standpoint I can see how this might make things better regulated for certain environments. I would imagine this naturally adds a bit to administrative overhead and will also add additional factors to consider when trouble shooting issues (clustering/data loss).

View solution in original post

Yasaswy · ‎10-01-2015

Hi.. As long as you have needed flexibility from Networking and Systems administration side, the above setup can be done. I don't think there would be big performance advantages (assuming your network is overall well managed) by this. However from a process/implementation standpoint I can see how this might make things better regulated for certain environments. I would imagine this naturally adds a bit to administrative overhead and will also add additional factors to consider when trouble shooting issues (clustering/data loss).

rubeniturrieta · ‎10-01-2015

Ok, thanks you Yasaswy

Splunk Architecture with two IP addresses

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

Improve Data Pipelines Using Splunk Data Management

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?