Wazuh with Splunk

To learn more about how Splunk works, see the Splunk documentation.

This guide describes how to install Splunk Enterprise as a single instance or as a multi-instance cluster along with the Splunk forwarder and the Wazuh Splunk app.

  • The single-instance architecture is recommended for testing and evaluation purposes, or for small to medium-sized environments.

  • The Splunk Cluster architecture is recommended for replicating data across different indexes and running distributed searches.

Installation type / Description

  • Single-instance installation: Install Splunk using the single-instance architecture. It is recommended for testing and evaluation purposes, or for small to medium-sized environments.

  • Splunk Cluster installation: Install a cluster with the Splunk multi-instance architecture. It is recommended for replicating data across different indexes and running distributed searches.

Find more information about how to scale your environment with Splunk Enterprise in the official documentation.

Note

On Linux systems, the Splunk software requires a 64-bit version of the operating system. Although Splunk can be installed on different operating systems, the Wazuh Splunk app is only compatible with Linux systems.