Splunk Enterprise Security is deployed on etc/apps. The following table outlines the primary differences between deploying Splunk Enterprise Security on a search head and a search head cluster environment: Be careful to not delete or remove any existing content in the $SPLUNK_HOME/etc/shcluster/apps folder.ĭifferences between deploying on a search head and a search head cluster environment If you are installing Enterprise Security on an existing search head cluster environment which might have other apps deployed already, all of the steps in this section apply. Contact Splunk Professional Services when deploying Splunk Enterprise Security in a high-availability or a disaster recovery scenario.įor more information on deploying a search head cluster in a multi-site environment, see Deploy a search head cluster in a multisite environment in the Splunk® Enterprise Distributed Search manual. You can failover the search head instances or provision a warm standby of the Splunk Enterprise Security search head to keep it in sync with the primary Splunk Enterprise Security environment. Third party technology can be used to help recover a Splunk Enterprise Security search head from a site failure. This cannot be guaranteed in a stretched search head cluster when a site outage occurs. Splunk Enterprise Security must be installed on a single dedicated search head cluster contained within a site since the app requires a consistent set of runtime artifacts.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |