Splunk Search

Splunk Architecture with two IP addresses

rubeniturrieta
Communicator

Hi to everyone

It makes sense to have a Splunk Architecture, with machines with two addresses?

For example:

  • 1 Indexer with 1 address for web access, and another address for receive syslog

Another example:

  • 1 indexer with 1 address for web access, and another address for index replication

Thanks in advance

Regards

0 Karma
1 Solution

Yasaswy
Contributor

Hi.. As long as you have needed flexibility from Networking and Systems administration side, the above setup can be done. I don't think there would be big performance advantages (assuming your network is overall well managed) by this. However from a process/implementation standpoint I can see how this might make things better regulated for certain environments. I would imagine this naturally adds a bit to administrative overhead and will also add additional factors to consider when trouble shooting issues (clustering/data loss).

View solution in original post

Yasaswy
Contributor

Hi.. As long as you have needed flexibility from Networking and Systems administration side, the above setup can be done. I don't think there would be big performance advantages (assuming your network is overall well managed) by this. However from a process/implementation standpoint I can see how this might make things better regulated for certain environments. I would imagine this naturally adds a bit to administrative overhead and will also add additional factors to consider when trouble shooting issues (clustering/data loss).

rubeniturrieta
Communicator

Ok, thanks you Yasaswy

0 Karma
Get Updates on the Splunk Community!

Set Up More Secure Configurations in Splunk Enterprise With Config Assist

This blog post is part 3 of 4 of a series on Splunk Assist. Click the links below to see the other ...

Observability Highlights | November 2022 Newsletter

 November 2022Observability CloudEnd Of Support Extension for SignalFx Smart AgentSplunk is extending the End ...

Enterprise Security Content Update (ESCU) v3.54.0

The Splunk Threat Research Team (STRT) recently released Enterprise Security Content Update (ESCU) v3.54.0 and ...