Solved: Splunk Architecture with two IP addresses

rubeniturrieta · ‎10-01-2015

Hi to everyone

It makes sense to have a Splunk Architecture, with machines with two addresses?

For example:

1 Indexer with 1 address for web access, and another address for receive syslog

Another example:

1 indexer with 1 address for web access, and another address for index replication

Thanks in advance

Regards

Yasaswy · ‎10-01-2015

Hi.. As long as you have needed flexibility from Networking and Systems administration side, the above setup can be done. I don't think there would be big performance advantages (assuming your network is overall well managed) by this. However from a process/implementation standpoint I can see how this might make things better regulated for certain environments. I would imagine this naturally adds a bit to administrative overhead and will also add additional factors to consider when trouble shooting issues (clustering/data loss).

View solution in original post

Yasaswy · ‎10-01-2015

Hi.. As long as you have needed flexibility from Networking and Systems administration side, the above setup can be done. I don't think there would be big performance advantages (assuming your network is overall well managed) by this. However from a process/implementation standpoint I can see how this might make things better regulated for certain environments. I would imagine this naturally adds a bit to administrative overhead and will also add additional factors to consider when trouble shooting issues (clustering/data loss).

rubeniturrieta · ‎10-01-2015

Ok, thanks you Yasaswy

Splunk Architecture with two IP addresses

Set Up More Secure Configurations in Splunk Enterprise With Config Assist

Observability Highlights | November 2022 Newsletter

Enterprise Security Content Update (ESCU) v3.54.0