This is the documentation for Wazuh 3.9. Check out the docs for the latest version of Wazuh!

Installing Splunk

To learn more about how Splunk works, see the Splunk documentation.

This guide describes the Splunk Enterprise installation process for two different types of distributed architecture, along with the Splunk forwarder and the Wazuh app for Splunk.

  • The single-instance architecture is recommended for testing and evaluation, and for small to medium-sized environments.
  • The Splunk Cluster architecture is recommended to replicate data across different indexes and run distributed searches.

Installation type              Description
Single-instance installation   Install Splunk using the single-instance architecture.
Splunk Cluster installation    Install a Cluster with Splunk multi-instance architecture.

Find more information about how to scale your environments using Splunk Enterprise in the official documentation.


The Wazuh app for Splunk requires the installation of a Wazuh manager and Wazuh API in order to work properly. Check out the installation guide before proceeding with Splunk.


On Linux systems, the Splunk software requires a 64-bit version of the operating system. Although Splunk can be installed on different operating systems, the Splunk app is only compatible with Linux systems.