From Splunk Wiki
Deployment scenarios and best practices.
Best practices area
Use the Best practices area to learn about configurations from the Splunk community. Share your own scenarios, or read about how others have set up Splunk deployments.
Participate and contribute
The contents of this wiki are created by Splunk and the Splunk community. We welcome your feedback and contributions.
You're encouraged to add to the topics you find within the sections below, or to create your own topics by linking from the pages inside each area. The Splunk Community Wiki is a MediaWiki (like Wikipedia). Use the Mediawiki online help if you need to know how to add and edit pages.
Signing your posts
When you contribute, please consider signing and dating your post or addition. You can do this easily by including four tildes (~) on a line by themselves.
If you have questions about how to contribute to this Wiki, contact firstname.lastname@example.org. If you have technical questions about running Splunk, you may wish to visit the Splunk user forums or submit a case with Splunk support.
Have you migrated a large Splunk deployment from 3.x to 4.x? Besides the overview provided in the Installation Manual, there's a lot to a Splunk migration, and we'd like to hear from you about it. Other Splunk users can also benefit from your experience and pointers.
Best practices and processes
Here are some best practices and processes:
- Considerations for deciding how to get data from Windows hosts
- Use Splunk alerts with scripts to create a ticket in your ticketing system
- Best practices for backing up your Splunk data
- How summary indexing can help you
Developing GUI components for Splunk 4.0?
Visit the 4.0 Splunk GUI development page! If you've done something cool with 4.0 GUI development, show us how you did it.
Examples from the field
And here's how some people have done it:
- A multi-tenant scenario with minimal use of hardware
- A hardened Splunk deployment with high security requirements
This section contains information about the components of a Splunk deployment, your options when deploying, what choices you have with respect to high availability, and information about tuning factors.
- Components of a Splunk deployment
- Planning your Splunk deployment
- Deployment considerations for data inputs
- Deployment configuration options:
- Splunk tuning factors
- Hardware tuning factors