Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk App for Enterprise Security Installation?

himapate
Explorer
‎07-01-2016 10:28 AM

Hi ,

I am planning to install ES in my environment.
I have 3 indexer, 1 master node, 1 deployment server.
Currently having 1 search head. Going through various Docs noticed that i need to install ES on a separate SH and it doesn't fit well with SH Clustering.
So is it possible to deploy 1 search head with ES only and its add on and other search head with all the apps?
How can it be done ?

Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ryanoconnor
Builder
‎07-01-2016 11:16 AM

It's definitely possible and recommended.

  1. You'll install two different search heads with Splunk Enterprise on them.
  2. You'll connect each Search Head you utilize your indexers as search peers.
  3. You'll install ES on one search head
  4. You'll utilize the second search head to do any other searching and reporting.

Let me know if you have any questions.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

splunk_force_as
Path Finder
‎07-01-2016 11:38 AM

Yes, very possible. You are able to deploy two search heads, make the indexers search peers to both search heads so that they will be searching over the same data, deploy Enterprise Security to one search head, deploy all other non-ES related apps to the other and ensure that you have the proper users and roles setup.

0 Karma
Reply
Solved! Jump to solution
Solution

ryanoconnor
Builder
‎07-01-2016 11:16 AM

It's definitely possible and recommended.

  1. You'll install two different search heads with Splunk Enterprise on them.
  2. You'll connect each Search Head you utilize your indexers as search peers.
  3. You'll install ES on one search head
  4. You'll utilize the second search head to do any other searching and reporting.

Let me know if you have any questions.

View solution in original post

0 Karma
Reply
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Get Updates on the Splunk Community!