Splunk Enterprise — Infrastructure — Quick Links

Table of Contents

1. Preface
2. Components
3. Pre-Installation
4. Installing
5. Splunk Pipeline
6. Indexes
7. Users And Roles
8. Inputs
9. Grow Development
10. Other Notes
11. Debrief

https://discord.com/invite/7g9PrxVcc4

1. Preface

I only made this blog in order to provide common Q&A information to anyone interested in using Splunk. It is also great as a reference. Please visit Splunk for the official learning courses

2. Components

The three main components indexers, search heads, and forwarders.

3. Pre-Installation

System requirements for use of Splunk Enterprise on-premises

Architecting Splunk Enterprise Deployments | Splunk

http://www.splunk.com/web_assets/pdfs/secure/Splunk_and_VMware_VMs_Tech_Brief.pdf

Run Splunk Enterprise as a different or non-root user

http://docs.splunk.com/Documentation/Splunk/latest/installation/ChoosetheuserSplunkshouldrunas

4. Installing

I get errors about ulimit in splunkd.log

Transparent huge memory pages and Splunk performance

Install on Windows using the command line

http://docs.splunk.com/Documentation/Splunk/latest/Security/SecureSplunkWebusingasignedcertificate

5. Splunk Pipeline

Components and the data pipeline

http://www.splunk.com/view/SP-CAAAH9G

http://docs.splunk.com/Documentation/Splunk/latest/Admin/Whatsinthismanual

6. Indexes

Archive indexed data

Restore archived indexed data

http://docs.splunk.com/Documentation/Splunk/latest/admin/Indexesconf#indexes.conf.spec

7. Users And Roles

How to secure and harden your Splunk platform instance

8. Inputs

The IT Search Engine | Splunk

http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Deployaheavyforwarder

About securing data from forwarders

Home | Splunkbase

9. Grow Development

About the Monitoring Console

11. Debrief

Debrief

I hoped this helped answer some general questions for anyone just learning Splunk. I really enjoyed doing and this and will be making more notes in the future.