Splunk Enterprise Security

Splunk App for Enterprise Security Installation?

himapate
Explorer

Hi ,

I am planning to install ES in my environment.
I have 3 indexer, 1 master node, 1 deployment server.
Currently having 1 search head. Going through various Docs noticed that i need to install ES on a separate SH and it doesn't fit well with SH Clustering.
So is it possible to deploy 1 search head with ES only and its add on and other search head with all the apps?
How can it be done ?

Thanks

0 Karma
1 Solution

ryanoconnor
Builder

It's definitely possible and recommended.

  1. You'll install two different search heads with Splunk Enterprise on them.
  2. You'll connect each Search Head you utilize your indexers as search peers.
  3. You'll install ES on one search head
  4. You'll utilize the second search head to do any other searching and reporting.

Let me know if you have any questions.

View solution in original post

0 Karma

splunk_force_as
Path Finder

Yes, very possible. You are able to deploy two search heads, make the indexers search peers to both search heads so that they will be searching over the same data, deploy Enterprise Security to one search head, deploy all other non-ES related apps to the other and ensure that you have the proper users and roles setup.

0 Karma

ryanoconnor
Builder

It's definitely possible and recommended.

  1. You'll install two different search heads with Splunk Enterprise on them.
  2. You'll connect each Search Head you utilize your indexers as search peers.
  3. You'll install ES on one search head
  4. You'll utilize the second search head to do any other searching and reporting.

Let me know if you have any questions.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...