Splunk Enterprise Security

Splunk Enterprise Distributed Deployment Guide RHEL 7

New Member


I have inherited a Splunk Enterprise deployment with a mixed OS (Windows/Linux) environment. We are in the process of converting this to a full Linux instance and want to leave the hybrid instance behind. Could someone provide me a link to a step-by-step configuration process for setting up the following:

  1. A Search Head Cluster (3 search heads)

  2. Indexer Cluster (5 indexers). NOTE: This is already functioning in the old instance, so I believe I can figure this one out. However, I just want to ensure this is done right.

  3. Deployer/Cluster Master

We already have a Deployment server in place and 4 Heavy forwarders. My biggest concern is setting up the search head cluster since we do not currently have this implemented. Any help will be greatly appreciated.



Super Champion

This is a big task. Maybe you need to do this step by step, and when you are stuck at a particular step, you can ask about that issue, so that we can reply.

>>> Happy Splunking !


Inherit a Splunk Enterprise Deployment

Alerts for Splunk Admins https://splunkbase.splunk.com/app/3796/
Version Control for Splunk https://splunkbase.splunk.com/app/4355/



An upvote would be appreciated and Accept Solution if it helps!