Cover by Vincent Bumgarner

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

O'Reilly logo

Splunk instance types

In a distributed deployment, different Splunk processes will serve different purposes. There are four stages of processing that are generally spread across two to four layers. The stages of processing include:

  • input: This stage consumes raw data, from log files, ports, or scripts
  • parsing: This stage splits raw data into events, parses time, sets base metadata, runs transforms, and so on
  • indexing: This stage stores the data and optimizes indexes
  • searching: This stage runs queries and presents the results to the user

These different stages can all be accomplished in one process, but splitting them across servers can improve performance as log volumes and search load increase.

Splunk forwarders

Each machine that contains the log ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required