![]() This architecture is based on the Cisco UCS Integrated Infrastructure for Big Data with Splunk. The solution is designed with three Cisco UCS C240 M6 rack servers as indexers, three Cisco UCS C220 M6 rack servers as search heads, and three Cisco UCS C220 M6 rack servers to perform administrative function. This whitepaper describes the architecture and high-level steps for deploying Splunk Enterprise using sixth-generation Cisco UCS rack servers. This section summarizes the Splunk and Cisco® solution. The configuration consists of three Cisco UCS C240 M6 Rack Servers as indexers, three Cisco C220 M6 Rack Servers as search heads, and three Cisco C220 M6 Rack Servers for performing administrative functions. This document describes the architecture and deployment procedures for Splunk Enterprise on a distributed high-performance reference architecture. The Cisco Intersight™ and Cisco Unified Computing System™ (Cisco UCS®) platforms’ ability to expand to thousands of servers allows Splunk deployments to scale horizontally while continuously delivering exceptional performance. As operational analytics become increasingly critical to day-to-day decision making and Splunk deployments expand to terabytes of data, a high-performance, highly scalable infrastructure is critical to helping ensure rapid and predictable delivery of insights. Organizations typically start with Splunk to solve a specific problem and then expand from there to address a broad range of use cases, such as application troubleshooting, IT infrastructure monitoring, security, business analytics, Internet of Things (IoT), and many others. Splunk software reliably collects and indexes machine data, from a single source to tens of thousands of sources, all in real time. Configure an application within the deployment server.Register the universal forwarder with the deployment server.Install a universal forwarder on a test server. ![]() Edit the server roles in the monitoring console general setup.Add the search peers of the monitoring console.Prepare the Splunk monitoring console on a search head instance.Configure the Splunk monitoring console.Integrate the search head cluster with the indexer cluster. ![]() Configure search heads to forward their data to the indexer layer.Enable the search head cluster and deployer and configure search head cluster members.Configure the security key on the deployer and search head cluster members.Configure the master to forward all its data to the indexer layer.Configure all indexing peers using the CLI (clush).Provision the indexer cluster master on admin1.Verify the license master-slave relationships.Configure all the license slaves at one time using the CLI (clush).About configuring the indexers, search heads, and admin server as license slaves.Configure the Splunk Enterprise cluster.Log in as the Splunk admin the first time. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |