Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

international site best practices

earixson
Engager
‎06-09-2014 09:11 AM

WE have two small international sites. What's the best practice for getting that data into our main SPlunk here in the U.S.? Our main concern is bandwidth usage.

Should we have an indexer at each site as detailed int eh Multi-Site cluster doc?
should we first try using the compression on the data flowing back to the US?

WE have an enterprise license, BTW.

Reply

mahamed_splunk
Splunk Employee
Splunk Employee
‎06-16-2014 10:57 AM

It depends on what your end goal is. For eg, you could have an indexer in your international site and have all your international forwarders send the data to that indexer. From there onwards the multisite clustering can take over and replicate the data to the US side.

The other way would be to have your international forwarders send the data to US indexers directly, eliminating the need to have an indexer in international site.

Irrespective of the options, the data needs to be transferred over the WAN. So it mainly depends on the amount of data and your network speed.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...