Deployment server

Now that we know what types of data inputs there are, let's say that you have 500 Forwarders and they are different parts of unique systems. How do you manage all of that?

I've got three words for you: Splunk deployment server.

If you're not familiar with Splunk deployment server, I highly recommend you become familiar. With a large deployment of Splunk it's surely the easiest way to manage all of your data inputs for your various systems:

Basics: As a general rule of thumb, in Splunk best practices, in Splunk architecture, there should be at least one deployment server. That deployment server would sit behind a load balancing device (let's use F5) and have its own DNS address.
Reason: Because if anything ever happens to your DS, ...

Get Splunk Best Practices now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Splunk Best Practices by Travis Marlette

Deployment server

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly