This is the documentation for Wazuh 3.8. Check out the docs for the latest version of Wazuh!

Installing Splunk

This guide describes the Splunk Enterprise installation process for two different types of distributed architecture, along with the Splunk forwarder and the Wazuh app for Splunk.

  • The single-instance architecture is recommended for testing and evaluation purposes, or also for small-medium sized environments.
  • The multi-instance architecture is recommended for larger environments with huge amounts of data (in this case, Wazuh alerts) and users.
Installation type Description
Single-instance installation Install Splunk using the single-instance architecture.
Multi-instance installation Install Splunk using the multi-instance architecture.

Find more information about how to scale your environments using Splunk Enterprise on the official documentation.

Warning

The Wazuh app for Splunk requires the installation of a Wazuh manager and Wazuh API in order to work properly. Check out the installation guide before proceeding with Splunk.

Note

On Linux systems, the Splunk software requires a 64-bit version of the operating system.

Although Splunk can be installed on different OS, the Splunk app is only compatible with Linux systems.