I'm trying to install the Splunk for Palo Alto Networks Addin/App for Splunk onto an instance of Splunk Light running on top of Ubuntu 14.04.3 LTS. The installation instructions indicate the package may be downloaded directly (which I have done) or installed from git.
I have attempted the git method, but I am getting an error as below:
fatal: unable to access 'https://github.com/PaloAltoNetworks-BD/SplunkforPaloAltoNetworks.git/': gnutls_handshake() failed: An unexpected TLS packet was received.
I'm not sure how to handle the direct download installation method. There don't appear to be instructions for this. I downloaded the .tgz and extracted it to the /opt/splunk/etc/apps directory and restarted Splunk, but I don't see anything. Note that I am using Splunk Light and not Splunk Enterprise - I don't think the Light version supports downloading apps from the apps homepage as is described in the documentation.
By the way, I am pretty inexperienced with Splunk so I apologize in advance if I omitted anything here.
Any help would be appreciated. Thank you.
I have been looking around this site and in the official documentation for sizing information on Splunk Light. I have not been able to find any specific recommendations for Splunk Light (most of the recommendations seem to be for Enterprise). I need to deploy a very low volume Splunk Light instance (beginning with the 1GB per day indexing volume).
I want to deploy this on new storage; however, we do not have capacity on the production Compellent SAN. I'm considering using a relatively inexpensive storage appliance such as the Buffalo TeraStation™ 5000N WSS Series. This is not great from an IO perspective... it maxes out at 6 SATA drives. However, I am wondering if this will be sufficient for the low amount of indexing we need to do. Surely the recommendations of 800 or 1200 IOPS for a full Splunk Enterprise indexer would be lower for our use case? But I cannot find any data on this.
Second, we are considering this type of appliance running Windows Storage Server and would probably run Splunk directly on the WSS operating system on this appliance. Any considerations with this?
Any feedback would be appreciated. Thanks!