Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

international site best practices

earixson
Engager
‎06-09-2014 09:11 AM

WE have two small international sites. What's the best practice for getting that data into our main SPlunk here in the U.S.? Our main concern is bandwidth usage.

Should we have an indexer at each site as detailed int eh Multi-Site cluster doc?
should we first try using the compression on the data flowing back to the US?

WE have an enterprise license, BTW.

Reply

mahamed_splunk
Splunk Employee
Splunk Employee
‎06-16-2014 10:57 AM

It depends on what your end goal is. For eg, you could have an indexer in your international site and have all your international forwarders send the data to that indexer. From there onwards the multisite clustering can take over and replicate the data to the US side.

The other way would be to have your international forwarders send the data to US indexers directly, eliminating the need to have an indexer in international site.

Irrespective of the options, the data needs to be transferred over the WAN. So it mainly depends on the amount of data and your network speed.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...