Deployment Architecture - PushpaPersonnel/Splunk-Administrator GitHub Wiki
| Architecture | Description | Use case |
| --- | --- | --- |
| Single Server (S1) | All Splunk components (Indexer, Search Head, Forwarder) on one instance. | Small-scale environments or testing. |
| Distributed Non-Clustered (D1/D11) | Separate Indexers and Search Heads without clustering. | Medium-scale setups with basic redundancy. |
| Distributed Clustered - Single Site (C1/C11) | Indexer Clustering with one site; Search Heads may or may not be clustered. | High availability and data replication within one location. |
| Distributed Clustered + SHC - Single Site (C3/C13) | Indexer Clustering + Search Head Clustering in one site. | Enterprise-grade deployments with scalability and fault tolerance. |
| Distributed Clustered - Multi-Site (M2/M12) | Indexer Clustering across multiple geographic sites. | Disaster recovery and geo-redundancy. |
| Distributed Clustered + SHC - Multi-Site (M3/M13) | Full clustering across multiple sites for both Indexers and Search Heads. | Large-scale, global deployments. |
| SmartStore Architecture | Indexers use remote object storage (e.g., S3) instead of local disk. | Cost-effective storage for large data volumes. |
| Splunk Cloud Platform | Managed cloud deployment with automatic scaling and updates. | Organizations preferring SaaS over self-hosting. |