Adding Windows Servers In Splunk

smitagasti
New Member

Hi
So my organization uses Splunk Enterprise and I have just started learning. So I just needed to ask a question: I need to add around 4000+ servers in Splunk Enterprise so that my team can view some crucial metrics and data along with reports such as Reboot, CPU/Memory Usage, Drive Alert and all the other crucial data in a single frame. So is it technically possible, and if yes, how? They are all in different regions and they are in different environments such as Production, Corporate, Stage, Development, etc. Anyone can reach out to me at smit.agasti10@gmail.com. It would be great if someone could help, and be mindful I am a total rookie.

0 Karma

PickleRick
SplunkTrust

As @gcusello pointed out, this looks like a significantly sized project which should be best performed with the help of skilled professionals. Deploying forwarders is one thing, but making sure all your environment is properly architected and you're really getting the data you want is another thing.

Also, please note that this is a community where people share their knowledge for common good. It is not an advertising board (both for providing services and seeking them).

So the advice is - go to https://partners.splunk.com/solutionscatalog/ find a partner near you and engage this partner.

gcusello
SplunkTrust

@smitagasti.

Your requirement is an interesting challenge for an absolutely large but normal project in Splunk.

But it is also a great project that requires a punctual requirements definition and design.

So at first my hint is to find a Splunk Partner (if you are in Italy, I can help you) that can follow you in these two main phases and then in the implementation, but anyway it cannot be considered a project for rookies.

At the same time it could be a good idea that you start to follow the first training courses on Splunk to understand how Splunk works, Splunk architectures and what and how to ingest data in Splunk. For more info you can see the YouTube Splunk channel at https://www.youtube.com/@Splunkofficial and here https://www.splunk.com/en_us/training/course-catalog.html?sort=Newest&filters=filterGroup1FreeCourse... .

Anyway, the first thing is to define a monitoring perimeter, defining in an Excel file the list of the systems to monitor, understand Operative Systems and so defining the Splunk Universal Forwarders to use.

I didn't understand if you already implemented Splunk or not; if not, you have to design your architecture starting from the main features (HA or not, network segmentation, etc...) and the volume of data to index.

Ciao.

Giuseppe

0 Karma