Prerequisites
With all Splunk deployments you need to consider the use case and usage expectation of the system when planning your Splunk hardware capacity. Splunk performance and scalability is influenced by data volume, search quantity, search frequency, and search complexity. These factors, the deployment architecture, and hardware used for the deployment, will determine your success with Enterprise Security.
The Splunk App for Enterprise Security performs a large number of real-time and scheduled searches. These searches have an impact on the overall deployment performance.
In preparation for your deployment, you will need to:
1. Understand your use case and usage expectations
2. Identify your search head hardware capacity
3. Identify your indexer hardware requirements and capacity
4. Plan your installation
Be sure that you have gone through these planning steps, and fulfilled these requirements before you install the Splunk App for Enterprise Security 3.0 release.
Splunk Enterprise version
The Splunk App for Enterprise Security is dependent on the Splunk Enterprise platform, which must be installed and configured prior to installing and deploying the Splunk App for Enterprise Security.
The Splunk App for Enterprise Security 3.0.1 requires Splunk Enterprise version 6.0.2 or 6.1.x on all search heads and indexers.
Supported operating systems
The operating system refers to the system where the Splunk search head is used. The Splunk App for Enterprise Security runs on the search head and is limited to the following platforms:
- CentOS 5,6 x86,x64
- Other Linux x86, x84
- Windows 2008 R2 x86, x64
- Windows 2008 x86, x64
- Windows 2003 x86, x64
- Windows 7 x86, x64
- MacOSX 10.6 and above, x64
The components that are distributed to the forwarders or indexers are supported across all supported operating systems as defined by the "System requirements" in the core Splunk product documentation.
Supported client operating systems
The client is the system that is used to connect to SplunkWeb via a web browser. The OSs that are supported include:
- Windows 2008 R2 x86, x64
- Windows 2008 x86, x64
- Windows 2003 x86, x64
- Windows 7 x86, x64
- MacOSX 10.6 and above, x64
Supported browsers
- Microsoft Internet Explorer 9, 10
- Firefox latest (currently 25)
- Chrome latest (currently 31)
- Safari latest (currently 6)
Plan your deployment | Hardware requirements |
This documentation applies to the following versions of Splunk® Enterprise Security: 3.0.1
Feedback submitted, thanks!