Splunk Enterprise administration

Install and upgrade Splunk Enterprise

The Installation Manual describes how to install and upgrade Splunk Enterprise.


Task:	Look here:
Understand installation requirements	Installation overview
Estimate hardware capacity needs	Introduction to capacity planning for Splunk Enterprise
Install Splunk Enterprise	Choose the Windows user Splunk Enterprise should run as Install on Linux Install on Mac OS X
Upgrade Splunk Enterprise	How to upgrade Splunk Enterprise
Perform backups	Back up configuration information Back up indexed data Set a retirement and archiving policy

Get data into Splunk Enterprise

Getting Data In describes the types of Splunk data inputs and how to get data into your Splunk deployment.


Task:	Look here:
Learn how to consume external data	What data can I index?
Configure file and directory inputs	Monitor files and directories
Configure network inputs	Get data from TCP and UDP ports
Configure Windows inputs	Considerations for deciding how to monitor remote Windows data
Configure miscellaneous inputs	Monitor First In, First Out (FIFO) queues Monitor changes to your file system Get data from APIs and other remote data interfaces through scripted inputs
Enhance the value of your data	Overview of event processing How timestamp assignment works About indexed field extraction About hosts Why source types matter About event segmentation
See how your data will look after indexing	The Set Sourcetype page
Improve the data input process	Use a test index to test your inputs
Understand the data pipeline	How data moves through Splunk Enterprise: the data pipeline

Manage indexes and indexers

Managing Indexers and Clusters describes how to configure indexes and manage indexers, the components that maintain indexes.


Task:	Look here:
Learn about indexing	Indexes, indexers, and indexer clusters
Manage indexes	About managing indexes
Manage index storage	How the indexer stores indexes
Back up indexes	Back up indexed data
Archive indexes	Set a retirement and archiving policy
Learn about clusters and index replication	About indexer clusters and index replication
Deploy clusters	Indexer cluster deployment overview
Configure clusters	Manager configuration overview
Manage clusters	View the manager dashboard
Learn about cluster architecture	Basic indexer cluster concepts for advanced users

Scale Splunk Enterprise

The Distributed Deployment Manual describes how to distribute Splunk Enterprise functionality across multiple components, such as forwarders, indexers, and search heads.


Task:	Look here:
Learn about Splunk Enterprise distributed deployments	Scale your deployment with Splunk Enterprise components
Perform capacity planning for Splunk deployments	Introduction to capacity planning for Splunk Enterprise
Learn how to forward data	About forwarding receiving
Distribute searches across multiple indexers	About distributed search
Deploy configuration updates across your environment	About deployment server and forwarder management

Associated manuals cover distributed components in detail:

For information on forwarders, see the Forwarding Data manual.
For information on search heads, see the Distributed Search manual.
To manage your deployment using the deployment server and forwarder management, see the Updating Splunk Enterprise Instances manual.

Secure Splunk Enterprise

Securing Splunk Enterprise describes how to secure your Splunk Enterprise deployment.


Task:	Look here:
Authenticate users and edit roles	About user authentication
Secure Splunk data with SSL	About securing Splunk Web
Audit Splunk Enterprise	Use Splunk Enterprise to audit your system activity Audit Splunk activity Use audit events to secure Splunk Enterprise Manage data integrity
Use Single Sign-on (SSO) with Splunk Enterprise	About Single Sign-On using reverse proxy
Use Splunk Enterprise with LDAP	Set up user authentication with LDAP