1 00:00:00,540 --> 00:00:03,150 Designing Splunk architecture.
2 00:00:03,870 --> 00:00:08,670 Learning about Splunk design before implementation of our enterprise level
3 00:00:08,700 --> 00:00:09,780 High Availability
4 00:00:09,780 --> 00:00:17,550 Multi-Site clustering is very much necessary, since you will have a clear idea of how big an environment
5 00:00:17,550 --> 00:00:20,790 we are implementing as part of our tutorial.
6 00:00:20,940 --> 00:00:28,710 Trust me, it will be one of, like, you can say it like you have implemented this implementation, because
7 00:00:28,710 --> 00:00:34,940 you will be part of each and every step, right from the beginning of designing the architecture
8 00:00:34,950 --> 00:00:44,970 till the time we complete it and publish it on the Amazon cloud. Before jumping onto designing completely
9 00:00:45,090 --> 00:00:46,390 the architecture,
10 00:00:46,410 --> 00:00:53,910 we need to understand that architecture design without a proper representation will not have an impact.
11 00:00:54,820 --> 00:00:59,440 To make Splunk architecture design impactful,
12 00:01:00,510 --> 00:01:10,440 we will have to do a couple of preparation works, like having Visio installed and making sure that we
13 00:01:10,440 --> 00:01:18,530 have Visio stencils installed, and what each icon means. To understand Splunk Visio stencils,
14 00:01:18,540 --> 00:01:28,140 or you can say icons, we would have to go to, first, let us download our Visio stencils. Go to the link,
15 00:01:28,140 --> 00:01:28,890 first link.
16 00:01:30,330 --> 00:01:32,760 It is nothing but a wiki page.
17 00:01:32,790 --> 00:01:38,760 The second link is kind of descriptive, which is used for
18 00:01:40,330 --> 00:01:45,590 explaining each component in those stencils; it is a PDF document here.
19 00:01:45,640 --> 00:01:49,510 In the first link we can see Splunk Visio stencils.
20 00:01:49,750 --> 00:01:57,130 It is in Splunk wiki where it has been published and you can download. You can see there are a lot
21 00:01:57,130 --> 00:01:58,330 of components listed.
22 00:01:58,330 --> 00:02:04,810 Probably you might not pick it up now, but once we are done with our final course of publishing our
23 00:02:04,810 --> 00:02:11,350 Enterprise Architecture of Splunk on AWS, you'll be able to understand most of these components.
24 00:02:12,450 --> 00:02:13,980 Let's click on this Visio
25 00:02:13,980 --> 00:02:14,700 stencils.
26 00:02:14,700 --> 00:02:21,810 We'll download the Visio stencils. Downloading, and we'll go to page number six.
27 00:02:23,530 --> 00:02:23,980 Yeah.
28 00:02:23,980 --> 00:02:25,350 Icon collection.
29 00:02:25,360 --> 00:02:28,480 You'll be able to see all the icons within those
30 00:02:28,480 --> 00:02:31,690 Visio stencils, what each icon represents.
31 00:02:32,680 --> 00:02:40,180 They have covered almost everything that a Splunk architect would need to create an architecture diagram.
32 00:02:40,180 --> 00:02:46,990 They have covered almost every corner of Splunk implementation, considering the batch file input, indexer,
33 00:02:46,990 --> 00:02:54,850 indexer clustering and deployment server, cluster master, license manager, all the components including
34 00:02:54,850 --> 00:02:57,430 the heavy forwarder based on the OS level.
35 00:02:57,460 --> 00:03:04,480 As you can see here, heavy forwarder for Windows, for Mac, for Linux. These guys have done some
36 00:03:04,480 --> 00:03:12,640 extensive work in publishing this, but this has added a real quality of creating the architecture.
37 00:03:12,670 --> 00:03:14,500 Let me open up my Visio.
38 00:03:15,960 --> 00:03:17,750 I'll only create a
39 00:03:19,730 --> 00:03:25,670 blank drawing, and we have downloaded stencils. To add them,
40 00:03:25,670 --> 00:03:27,020 click on More Shapes,
41 00:03:27,710 --> 00:03:29,030 Open Stencils.
42 00:03:30,440 --> 00:03:34,250 Splunk documentation, or you need to unzip those files.
43 00:03:34,250 --> 00:03:39,600 Since I have already unzipped, this is the location, so I can click and click on Open.
44 00:03:39,620 --> 00:03:43,580 It will automatically add all your Splunk documentation icons.
45 00:03:43,610 --> 00:03:46,460 As you can see here, let me expand it.
46 00:03:47,510 --> 00:03:54,500 See here, you'll be able to see all different types of components used in the architecture.
47 00:03:54,860 --> 00:04:01,640 Let me show you how easy it is to create a Splunk architecture using Visio.
48 00:04:05,270 --> 00:04:06,500 I am a user.
49 00:04:09,530 --> 00:04:12,620 And my Splunk architecture.
50 00:04:12,620 --> 00:04:19,880 I'll build one simple architecture considering some small, let's say, ten GB license size.
51 00:04:21,450 --> 00:04:26,100 I'll have a couple of search heads, not tangibly, let us say it is a medium size.
52 00:04:28,660 --> 00:04:31,530 I have a couple of firewalls sending logs.
53 00:04:34,380 --> 00:04:36,060 Let me have one more firewall.
54 00:04:38,380 --> 00:04:40,120 That is my indexers.
55 00:04:41,280 --> 00:04:42,590 I've had my thoughts.
56 00:04:43,020 --> 00:04:46,920 Yeah, I'll add a couple of indexers.
57 00:04:47,130 --> 00:04:48,100 This is one indexer.
58 00:04:48,240 --> 00:04:49,740 This is a group of indexers.
59 00:04:50,250 --> 00:04:51,300 So it is.
60 00:04:51,300 --> 00:04:53,670 We can consider them as multiple indexers.
61 00:04:55,740 --> 00:04:57,660 So what else do I need?
62 00:04:58,860 --> 00:05:00,240 Probably heavy forwarder.
63 00:05:03,270 --> 00:05:05,220 Heavy forwarder is allowed.
64 00:05:05,220 --> 00:05:08,470 One forwarder, which is our universal forwarder client.
65 00:05:08,490 --> 00:05:12,960 I'll have one Linux forwarder, one Mac forwarder.
66 00:05:12,990 --> 00:05:17,880 These are nothing but the agents that are sitting on these servers. Like, this is generic.
67 00:05:17,910 --> 00:05:19,080 This is for Linux.
68 00:05:19,080 --> 00:05:20,190 This is for Mac.
69 00:05:22,570 --> 00:05:23,500 And
70 00:05:25,500 --> 00:05:27,540 we will add our Windows forwarder also.
71 00:05:29,210 --> 00:05:30,610 It's a group of forwarders.
72 00:05:30,620 --> 00:05:36,140 So this is usually the data sources; you can represent them as one block.
73 00:05:36,320 --> 00:05:38,330 Let me put a container, or
74 00:05:47,230 --> 00:05:51,340 I'll put everything under one container and call this my forwarders.
75 00:05:51,850 --> 00:05:52,800 That's a job done.
76 00:05:52,810 --> 00:05:54,490 So all this will send.
77 00:05:55,150 --> 00:05:57,310 Let me pull out a couple of arrows.
78 00:05:57,310 --> 00:06:01,840 Whichever you feel comfortable with, you can use them; not the two-sided.
79 00:06:01,870 --> 00:06:07,270 I'll use the one-sided, because forwarder is sending logs to my indexer.
80 00:06:09,610 --> 00:06:10,540 Creator of fun.
81 00:06:10,540 --> 00:06:12,410 I have already created a couple of architectures.
82 00:06:12,430 --> 00:06:13,750 We'll go through them one by one.
83 00:06:14,020 --> 00:06:16,390 I'll create one for my search head.
84 00:06:16,870 --> 00:06:23,170 This will be a two-way, because search head searches and your indexer responds with
85 00:06:24,110 --> 00:06:24,830 the results.
86 00:06:26,160 --> 00:06:29,640 Similarly, there will be a two-way from the user.
87 00:06:29,940 --> 00:06:34,710 When I say two-way, it's like a visual representation that the data is being queried and is getting a response
88 00:06:34,710 --> 00:06:36,220 in visualization.
89 00:06:36,240 --> 00:06:38,100 This is our typical architecture.
90 00:06:38,580 --> 00:06:39,750 I know this looks ugly.