I was wondering if running Splunk Enterprise Security over Hunk in a Hunk only or Hybrid architecture is supported/recommended. Has anyone tried doing this?
One of my clients is decided on using ES, but debating if they should go only the Hadoop route, only Splunk enterprise, or some kind of hybrid model with data streaming to both or aging out from Splunk Enterprise to Hunk.
Any experience/advice on this would be appreciated.
↧