Splunk® Enterprise

Distributed Deployment Manual

Splunk Enterprise version 8.0 is no longer supported as of October 22, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.

Post-deployment activities

Deployment implementation is the first step in a series of admininstration-related tasks that you must perform to take full advantage of Splunk Enterprise. This topic provides a broad outline of the typical post-deployment tasks, with links to the topics that cover these issues in detail.

Key manuals for a distributed deployment lists the manuals directly related to deployment. You have already encountered sections of these manuals during the deployment process. These same manuals cover post-deployment configuration and management issues. They will serve as an ongoing resource as you fine-tune your system, and you should familiarize yourself with their contents. In addition, other manuals provide guidance on improving and extending your system and fitting the system to the knowledge needs of your end users.

Do these next

These are some of the tasks that you should perform soon after you complete the initial deployment:

Increase the value of your deployment

Once your deployment is up and running and you have dealt with the basics, like security, you are ready to focus on your data: What data to ingest, how to ingest the data, and how to present the data so that your users can use it effectively.

Splunk Enterprise can handle virtually any kind of data. There is a lot to learn about the different types of data and how to configure them, including the important matters of source typing and event processing. For details on all matters related to data input, read Getting Data In. Be sure to study the material on source typing, beginning with Why source types matter.

Next, you need to develop the searches, reports, dashboards, and so on, that make the data valuable and accessible to your users. These objects are collectively known as knowledge objects. The Knowledge Manager Manual is your primary resource for this.

Splunk offers a wide range of pre-built apps that can do most of this work for you. They define data inputs, source types, knowledge objects, and other configurations. They offer you and your users ready-made solutions to many common and uncommon needs. For example, there are apps that monitor the security of your system and other apps for IT operations management. To learn more about, and to download, pre-built apps, see Splunkbase.

You can also create your own apps. See "Develop apps and add-ons for Splunk Enterprise" for guidance on developing apps.

Resources for administering your deployment

The Admin Manual provides guidance on other important tasks. In particular, see Splunk administration: The big picture. It provides links to topics, across a variety of manuals, that describe key administration tasks.

The monitoring console provides a variety of dashboards that you can use to monitor most aspects of the deployment. See Monitor your distributed deployment in this manual. In addition, see Monitoring Splunk Enterprise.

For information on internal log files and other tools for troubleshooting your deployment, see the Troubleshooting Manual.

Distribute apps and other configurations to groups of instances

Splunk Enterprise provides the deployment server to distribute apps and other sets of configurations to groups of Splunk Enterprise instances. This tool is of particular value for managing configurations on forwarders, but it can distribute updates to any Splunk Enterprise instance, including indexers and search heads. See Updating Splunk Enterprise Instances.

To update the nodes on clusters, you do not use the deployment server. Instead, clusters use their own tools:

You can also use third-party tools to distribute updates.

The rest of the Splunk universe

Splunk Enterprise is only one world in the Splunk universe. Other products include:

  • Splunk Cloud for cloud-based access to the features of Splunk Enterprise.
  • Splunk Analytics for Hadoop for data exploration, analysis and visualizations for Hadoop, NoSQL, and other data stores.
  • A variety of apps and add-ons for extending the capabilities of Splunk Enterprise.

For more information, visit the Splunk documentation portal and the Splunk product overview.

Last modified on 16 October, 2020
High availability deployment: Indexer cluster   Monitor your distributed deployment

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters