
The Splunk Cloud Platform deployment architecture varies based on data and search load. Splunk Enterprise Security is available as a service in Splunk Cloud Platform. To properly scale your distributed search deployment with Splunk Enterprise Security, see Indexer scaling considerations for Splunk Enterprise Security.

In a distributed search deployment, and to implement search head clustering, configure the search head to forward all data to the indexers. See Forward search head data to the indexer layer in the Distributed Search manual. Use forwarders to collect your data and send it to the indexers. Using multiple indexers allows both the data collected by the forwarders and the workload of processing the data to be distributed across the indexers. Improve search performance by using an index cluster and distributing the workload of searching data across multiple nodes.

A dedicated search head is not required for every implementation. It depends on the capacity of your specific environment and the workload of the apps you're already running, in addition to your Enterprise Security workload. See Introduction to capacity planning for Splunk Enterprise in the Splunk Enterprise Capacity Planning Manual.
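A sketch of the search head forwarding described above, added here as an illustration and not taken from the original page: an `outputs.conf` on the search head that stops local indexing and sends all data, including internal indexes, to the indexers. The group name `es_indexers` and the indexer addresses are placeholder assumptions, and 9997 is assumed to be the receiving port enabled on the indexers.

```ini
# outputs.conf on the search head (added example; names and addresses are placeholders)

# Do not keep a local indexed copy on the search head.
[indexAndForward]
index = false

[tcpout]
# Send everything to the indexer group defined below.
defaultGroup = es_indexers
# Disable the default forwarded-index filter so internal and summary
# indexes are forwarded as well, not only the main event data.
forwardedindex.filter.disable = true
indexAndForward = false

# Placeholder indexer addresses; listing several lets the search head
# load-balance its output across the indexers.
[tcpout:es_indexers]
server = 192.0.2.11:9997, 192.0.2.12:9997, 192.0.2.13:9997
```

With this in place, data that Enterprise Security writes from the search head lands on the indexers, so it is searchable from every search head in the deployment.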
SPLUNK ENTERPRISE SECURITY SIEM INSTALL

Splunk Enterprise Security is also available in Splunk Cloud Platform. You can deploy Splunk Enterprise Security in a single instance deployment or a distributed search deployment. Review the system and hardware requirements and the search head and indexer considerations before deploying Enterprise Security. Deploy Splunk Enterprise Security on a configured Splunk platform installation.
