Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do you configure Splunk Enterprise in a distributed environment?

dhirendra761
Contributor
‎08-30-2018 12:46 AM

We need to install Splunk Enterprise in one Windows machine (server) , which can read all the logs files ( generated inside in machine itself in directory). Many other Windows OS users (clients) with different Splunk account need to be able to access/analyze those logs from his own machine and create their own dashboards as well. The user's(clients) machine doesn't have Splunk enterprise.

So how we can do that? What are the process that server creates instances for many other users and user can access the logs from server machine.

That’s my question. I have searched a lot, but have not been able to find the relevant answer. Can you please help me with this and provide a path forward.

Thanks,

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

inventsekar
SplunkTrust
SplunkTrust
‎08-30-2018 01:13 AM

you need not plan for a distributed splunk deployment..

Rough plan ...
Install splunk indexer(it can monitor its own logs), and splunk universal forwarders on the client machines.
The log files can be ingested and sent to splunk indexer.. and then you can configure splunk search head on a separate server(if high number of clients and users) and then create dashboards/alerts/reports can be created by the splunk users themselves.

this page got lot of documentation about splunk deployment..
http://docs.splunk.com/Documentation/Splunk#tab4

check this document...
http://docs.splunk.com/Documentation/Splunk/7.1.2/Deploy/Singleindexer

View solution in original post

0 Karma
Reply
Solved! Jump to solution

mstjohn_splunk
Splunk Employee
Splunk Employee
‎08-30-2018 02:08 PM

hey @dhirendra761,

Did the answer below help you out? If not, go ahead and give us some more info on your problem. Keep those updates coming so that others can help out.

But if that answer is sufficient, please approve it. Also, upvote the users that help you out! Because, well, they are the best.

Reply
Solved! Jump to solution
Solution

inventsekar
SplunkTrust
SplunkTrust
‎08-30-2018 01:13 AM

you need not plan for a distributed splunk deployment..

Rough plan ...
Install splunk indexer(it can monitor its own logs), and splunk universal forwarders on the client machines.
The log files can be ingested and sent to splunk indexer.. and then you can configure splunk search head on a separate server(if high number of clients and users) and then create dashboards/alerts/reports can be created by the splunk users themselves.

this page got lot of documentation about splunk deployment..
http://docs.splunk.com/Documentation/Splunk#tab4

check this document...
http://docs.splunk.com/Documentation/Splunk/7.1.2/Deploy/Singleindexer

0 Karma
Reply
Solved! Jump to solution

dhirendra761
Contributor
‎08-30-2018 09:15 PM

Hi...@inventsekar
Thanks for update.
Let me explain again my question with example.

Url of splunk enterprise for my local system is
http://localhost:8000/en-US/app/search/search. (Admin Role)

Then if I create some user roles from setting like user or power, then anyone can access above url from another system by using my ip-address.
For example in this case, the other user can access from different machine(without having spunk enterprise in his system) by http://XX.XXX.XX.XXX:8000/en-US/app/launcher/home (where XX represents my system IP)

But this will work only if we both are in same network.

My question is about what is process if we use different network or global network.
eg. Like I have installed the same thing in india and created a dashboard. Now I want that you can modify my dashboard from your location. then How i will be share my dashboard with you.
In this case of what we have to install in my system? What will be the url i need to use?

Could you please suggest on this again.

Thanks.

0 Karma
Reply
Solved! Jump to solution

inventsekar
SplunkTrust
SplunkTrust
‎09-04-2018 02:34 AM

Hi @dhirendra761
Regarding ...your question about what is process if we use different network or global network...
as long as there network connectivity, the users can access splunk.
lets assume your project/company has two offices.. India and US.. you installed Splunk on your system at india office.. between india and US, the company will use internets connectivity and with the help of firewalls at both india and US, your company will allow only legit connections.. hope you got it..

0 Karma
Reply
Solved! Jump to solution

dhirendra761
Contributor
‎09-04-2018 03:46 AM

yes got it @inventsekar . Thanks man for the anwser. 🙂

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...