Solved: Splunk App for Enterprise Security Installation?

himapate · ‎07-01-2016

Hi ,

I am planning to install ES in my environment.
I have 3 indexer, 1 master node, 1 deployment server.
Currently having 1 search head. Going through various Docs noticed that i need to install ES on a separate SH and it doesn't fit well with SH Clustering.
So is it possible to deploy 1 search head with ES only and its add on and other search head with all the apps?
How can it be done ?

Thanks

ryanoconnor · ‎07-01-2016

It's definitely possible and recommended.

You'll install two different search heads with Splunk Enterprise on them.
You'll connect each Search Head you utilize your indexers as search peers.
You'll install ES on one search head
You'll utilize the second search head to do any other searching and reporting.

Let me know if you have any questions.

View solution in original post

splunk_force_as · ‎07-01-2016

Yes, very possible. You are able to deploy two search heads, make the indexers search peers to both search heads so that they will be searching over the same data, deploy Enterprise Security to one search head, deploy all other non-ES related apps to the other and ensure that you have the proper users and roles setup.

ryanoconnor · ‎07-01-2016

It's definitely possible and recommended.

You'll install two different search heads with Splunk Enterprise on them.
You'll connect each Search Head you utilize your indexers as search peers.
You'll install ES on one search head
You'll utilize the second search head to do any other searching and reporting.

Let me know if you have any questions.