Hi,
my company is deciding to use Splunk in a Small Enterprise Deployment.
I already read a bit about scaling, the infrastructure design and the amount of components.
I'm assigned the task to think about and design our deployment.
So... I want to ask if my thoughts so far make any sense.
My plan is to build an infrastructure that looks like the attached picture.
![alt text][1]
[1]: /storage/temp/77195-splunk-infrastructure.png
Why I would use a HF in the deployment is the idea to filter data that is coming into the deployment, before it gets indexed. Maybe I don't need this feature today, but maybe later.
Is this a legit deployment?
Is it OK if I configure the UFs to send data to the HF first?