Splunk Deployment Architecture

Single-Instance Splunk Enterprise Deployment

Splunk is a simple non-distributed deployment on the same network as ITM On-Prem. ObserveIT TA and ObserveIT App are installed on the same node.

Distributed Splunk Enterprise Deployment

Splunk is a distributed deployment on the same network as ITM On-Prem.

ObserveIT TA is installed on a Splunk heavy forwarder that sends data. (Installation of ObserveIT TA on a Universal Forwarder or a search head cluster (SHC) is not supported.)

The ObserveIT App is installed on the search heads that handle the search management functions.

Splunk Cloud Deployment

Splunk Cloud can be used to store and search for ITM On-Prem data. To forward the data to Splunk Cloud, ObserveIT TA is installed on a Splunk heavy forwarder on the same network as ObserveIT. The ObserveIT App is installed on Splunk Cloud.