In our Splunk environment we have two data centers with one indexer each and one heavy forwarder each, and then we have one distributed search head. My lab environment is my home where I install and test Splunk apps. Since my home/lab box is collapsed, that is to say, the indexer, forwarder, and search head are all one box, it is obvious where I install the apps. However, in our enterprise/production environment, this is far less obvious. One app in particular that we want to run is the Palo Alto Networks App for Splunk 5.0.0. It works fine in the lab; however, we are not sure where to install it in our distributed environment. The search head, the indexers, the forwarders, all five boxes? We just aren't sure. Any guidance on this would be appreciated.