To all the Splunk Gurus, I have been looking forward to upgrading splunk from Splunk 6.0.4 (build 207768) to the latest stable release.
We have a distributed environment of 2 heavy fwds (in HA), 4 Indexers and 2 SHs (neither in Pool nor a cluster).
Points to ponder while deciding upgrade are -
- We have a dedicated JobServer for running the scheduled, saved searches reports
- We have other SH, extensively consumed by integrating components for fetching data and stats by api & sdk calls (on batch as well as real time basis)
- We have selected tcp routing of data on the heavy fwds
- Looking forward to setting up clustering among the indexers and SHs
- Extensive use of dbx for reading (lookups) and writing in mysql db
- Extensive use of Data models and persistent acceleration for reporting
- Coming up with read/write in to remote Mongo in near future
Any suggestions with the justified reasons about the versions (stable and feature rich) are much appreciated !!
Thanks in advance !
↧