This was a relatively short but important chapter! After learning how to deploy apps to search-cluster members with the deployer, we discovered how to set up user authentication and define the various roles to control access to Splunk and its various capabilities. Finally, I offered a few best practices on administering your Splunk environment and some key considerations for supporting it into the future.
If you've waded through (and hopefully experimented with) all the functionality in this chapter and Chapter 4, Getting Data into Splunk, you now know how to expertly administer all of the Splunk components in a clustered, distributed environment. In addition, you understand how the various configuration settings for each function are represented in the .conf files for each component, as well as a great deal about how Splunk actually executes the administration tasks...
