Hi,
My company is deciding to use Splunk in a Small Enterprise Deployment.
I have already read a bit about scaling, the infrastructure design, and the number of components.
I'm assigned the task to think about and design our deployment.
So... I want to ask if my thoughts so far make any sense.
My plan is to build an infrastructure that looks like the attached picture.
![alt text][1]
[1]: /storage/temp/77195-splunk-infrastructure.png
I would use a Heavy Forwarder in the deployment to filter data that is coming into the deployment before it gets indexed. I might not need this feature today, but maybe later.
Is this a legit deployment?
Is it ok if I configure the Universal Forwarders to send data to the HF first?