This guide describes the Splunk Enterprise installation process for two different types of distributed architecture, along with the Splunk forwarder and the Wazuh app for Splunk.
- The single-instance architecture is recommended for testing and evaluation purposes, as well as for small to medium-sized environments.
- The multi-instance architecture is recommended for larger environments with huge amounts of data (in this case, Wazuh alerts) and users.
| Type | Description |
|---|---|
| Single-instance installation | Install Splunk using the single-instance architecture. |
| Multi-instance installation | Install Splunk using the multi-instance architecture. |
Find more information about how to scale your environments using Splunk Enterprise in the official documentation.
The Wazuh app for Splunk requires the installation of a Wazuh manager and Wazuh API in order to work properly. Check out the installation guide before proceeding with Splunk.
On Linux systems, the Splunk software requires a 64-bit version of the operating system.
Although Splunk can be installed on different operating systems, the Splunk app is only compatible with Linux systems.