Splunk Distributed Deployment
In a distributed deployment, install Splunk Enterprise on at least two instances. One node works as the search head, and the other node works as the indexer and data collection node. In a Splunk distributed deployment, the data collection node and indexer are deployed on separate servers. In this environment, install the Illumio App for Splunk on each search head node, and install TA-Illumio on each indexer/forwarder and search head node.