I need to build Splunk Distributed Environment, how should i configure the different components. I have License/Cluster Master, Indexers, search head and Deployment Server.
I am thinking of below chronology,
1. License/Cluster Master/Deployment Server
2. Indexers
3. search head
4. Heavy Forwarder
Is it right enough, or is there a better way? Also what precautions/prequisite should i keep in mind while deploying all these?
... View more