Splunk® Enterprise

Splunk Enterprise Overview

Splunk Enterprise version 7.2 is no longer supported as of April 30, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

Splunk Enterprise administration

This topic lists common administrator tasks and directs you to the relevant topics within the associated manuals.

Install and upgrade Splunk Enterprise

The Installation Manual describes how to install and upgrade Splunk Enterprise.

| Task | Look here |
| --- | --- |
| Understand installation requirements | Installation overview |
| Estimate hardware capacity needs | Introduction to capacity planning for Splunk Enterprise |
| Install Splunk Enterprise | Choose the Windows user Splunk Enterprise should run as; Install on Linux; Install on Mac OS X |
| Upgrade Splunk Enterprise | How to upgrade Splunk Enterprise |
| Perform backups | Back up configuration information; Back up indexed data; Set a retirement and archiving policy |

Get data into Splunk Enterprise

Getting Data In describes the types of Splunk data inputs and how to get data into your Splunk deployment.

| Task | Look here |
| --- | --- |
| Learn how to consume external data | What data can I index? |
| Configure file and directory inputs | Monitor files and directories |
| Configure network inputs | Get data from TCP and UDP ports |
| Configure Windows inputs | Considerations for deciding how to monitor remote Windows data |
| Configure miscellaneous inputs | Monitor First In, First Out (FIFO) queues; Monitor changes to your file system; Get data from APIs and other remote data interfaces through scripted inputs |
| Enhance the value of your data | Overview of event processing; How timestamp assignment works; About indexed field extraction; About hosts; Why source types matter; About event segmentation |
| See how your data will look after indexing | The Set Sourcetype page |
| Improve the data input process | Use a test index to test your inputs |
| Understand the data pipeline | How data moves through Splunk Enterprise: the data pipeline |

Manage indexes and indexers

Managing Indexers and Clusters describes how to configure indexes and manage indexers, the components that maintain indexes.

| Task | Look here |
| --- | --- |
| Learn about indexing | Indexes, indexers, and indexer clusters |
| Manage indexes | About managing indexes |
| Manage index storage | How the indexer stores indexes |
| Back up indexes | Back up indexed data |
| Archive indexes | Set a retirement and archiving policy |
| Learn about clusters and index replication | About indexer clusters and index replication |
| Deploy clusters | Indexer cluster deployment overview |
| Configure clusters | Manager configuration overview |
| Manage clusters | View the manager dashboard |
| Learn about cluster architecture | Basic indexer cluster concepts for advanced users |

Scale Splunk Enterprise

The Distributed Deployment Manual describes how to distribute Splunk Enterprise functionality across multiple components, such as forwarders, indexers, and search heads.

| Task | Look here |
| --- | --- |
| Learn about Splunk Enterprise distributed deployments | Scale your deployment with Splunk Enterprise components |
| Perform capacity planning for Splunk deployments | Introduction to capacity planning for Splunk Enterprise |
| Learn how to forward data | About forwarding receiving |
| Distribute searches across multiple indexers | About distributed search |
| Deploy configuration updates across your environment | About deployment server and forwarder management |

Associated manuals cover distributed components in detail:

Secure Splunk Enterprise

Securing Splunk Enterprise describes how to secure your Splunk Enterprise deployment.

| Task | Look here |
| --- | --- |
| Authenticate users and edit roles | About user authentication |
| Secure Splunk data with SSL | About securing Splunk Web |
| Audit Splunk Enterprise | Use Splunk Enterprise to audit your system activity; Audit Splunk activity; Use audit events to secure Splunk Enterprise; Manage data integrity |
| Use Single Sign-on (SSO) with Splunk Enterprise | About Single Sign-On using reverse proxy |
| Use Splunk Enterprise with LDAP | Set up user authentication with LDAP |

Last modified on 08 February, 2021
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2

