Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk App for Enterprise Security Installation?

himapate
Explorer
‎07-01-2016 10:28 AM

Hi ,

I am planning to install ES in my environment.
I have 3 indexer, 1 master node, 1 deployment server.
Currently having 1 search head. Going through various Docs noticed that i need to install ES on a separate SH and it doesn't fit well with SH Clustering.
So is it possible to deploy 1 search head with ES only and its add on and other search head with all the apps?
How can it be done ?

Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ryanoconnor
Builder
‎07-01-2016 11:16 AM

It's definitely possible and recommended.

  1. You'll install two different search heads with Splunk Enterprise on them.
  2. You'll connect each Search Head you utilize your indexers as search peers.
  3. You'll install ES on one search head
  4. You'll utilize the second search head to do any other searching and reporting.

Let me know if you have any questions.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

splunk_force_as
Path Finder
‎07-01-2016 11:38 AM

Yes, very possible. You are able to deploy two search heads, make the indexers search peers to both search heads so that they will be searching over the same data, deploy Enterprise Security to one search head, deploy all other non-ES related apps to the other and ensure that you have the proper users and roles setup.

0 Karma
Reply
Solved! Jump to solution
Solution

ryanoconnor
Builder
‎07-01-2016 11:16 AM

It's definitely possible and recommended.

  1. You'll install two different search heads with Splunk Enterprise on them.
  2. You'll connect each Search Head you utilize your indexers as search peers.
  3. You'll install ES on one search head
  4. You'll utilize the second search head to do any other searching and reporting.

Let me know if you have any questions.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...