I'm setting up Splunk for the first time and was wondering if I could get some advice. I have to install it as the Local System account or as a domain user. What is the most common method used by administrators? My infrastructure is as follows:
Four physical hosts for the VMware infrastructure, each host with 256 GB RAM and 16 cores, so the hosts are hardly being taxed; 50-55 virtual servers; a Compellent SAN with 15k drives at tier 1 and 7200k drives at tier 3; and a Cisco ASA5525-X.
I will be the only one looking at the logs and running any reports, so just one user. We have the lowest Splunk license, 500 MB.
My initial thought was to install it as the Local System account, then put the universal forwarder on my servers to send logs to the Splunk server. This is the first time I have set up any type of syslog server, and I would appreciate some insight to get me started down the right path. Thanks.
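The plan in the post (forwarder on each Windows server, shipping to one Splunk host) comes down to two choices an administrator makes on each forwarder: which account the service runs under, and a small pair of configuration files. The PowerShell below is an added example, not code from the poster or from Splunk: it reports the service account, writes a minimal outputs.conf and inputs.conf for the Universal Forwarder, and verifies the connection. The indexer name `splunk.example.local`, the index name `wineventlog`, and the CA certificate path are assumptions made for the example; the install path is the forwarder's default.

```powershell
# Added example (not from the original post or from Splunk). Assumes:
#   - the Universal Forwarder is installed at its default path below
#   - the Splunk indexer is reachable as splunk.example.local on TCP 9997 (hypothetical name)
#   - an index named "wineventlog" already exists on the indexer (hypothetical name)
#   - the indexer's CA certificate has been copied to the forwarder at the path in outputs.conf (hypothetical)
$ufHome   = Join-Path $env:ProgramFiles 'SplunkUniversalForwarder'
$localDir = Join-Path $ufHome 'etc\system\local'
New-Item -ItemType Directory -Path $localDir -Force | Out-Null

# 1. Report which account the forwarder service runs under.
#    LocalSystem can read the local Event Logs on its own; a domain account is
#    only needed for inputs that reach other hosts (remote perfmon/WMI), and
#    then it should hold no more than the rights those inputs require.
$svc = Get-CimInstance Win32_Service -Filter "Name='SplunkForwarder'"
if ($null -eq $svc) { throw 'SplunkForwarder service not found; install the Universal Forwarder first.' }
"SplunkForwarder runs as: $($svc.StartName)"
if ($svc.StartName -ne 'LocalSystem') {
    Write-Warning 'Service runs as a named account; confirm it has only the rights its inputs need.'
}

# 2. outputs.conf: where to send data, over TLS with the server certificate checked,
#    so a host on the same network cannot impersonate the indexer.
@'
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
server = splunk.example.local:9997
sslRootCAPath = $SPLUNK_HOME\etc\auth\mycerts\ca.pem
sslVerifyServerCert = true
'@ | Set-Content -Path (Join-Path $localDir 'outputs.conf') -Encoding ASCII

# 3. inputs.conf: which local Windows Event Logs to collect. With a 500 MB/day
#    license, start with Security and add channels as volume allows.
@'
[WinEventLog://Security]
disabled = 0
index = wineventlog

[WinEventLog://System]
disabled = 0
index = wineventlog

[WinEventLog://Application]
disabled = 0
index = wineventlog
'@ | Set-Content -Path (Join-Path $localDir 'inputs.conf') -Encoding ASCII

# 4. Restart the service so the new configuration is read, then confirm the
#    forwarder reports the indexer as an active forward-server.
Restart-Service -Name SplunkForwarder
& (Join-Path $ufHome 'bin\splunk.exe') list forward-server
```

Run it in an elevated PowerShell session on one forwarder first; if `list forward-server` shows the indexer under "Active forwards" and the Security events appear in the `wineventlog` index, the same files can be pushed to the remaining servers.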