Splunk Enterprise on AWS - A Perfect Match!
Release Date: 27/05/2020
Author: Jamie Turbill
So you’ve got Splunk Enterprise on-premises and all around you the applications you use daily are increasingly being deployed in the Cloud. Your business has adopted a cloud migration strategy and now you are scrambling to know where to put Splunk!
Thankfully, Splunk has got you covered! There are two distinct options for Splunk in the cloud that really depend on your use cases, what’s important to you and whether you want to have control over the infrastructure you deploy.
- Splunk Enterprise deployed in private cloud infrastructure. This option is great if you still want full control on what you deploy and how you deploy, but still want to realise the benefits of a cloud first strategy.
- Splunk Cloud, which is a full SaaS offering from Splunk providing Splunk as a service. This allows you to quickly use the Splunk platform without needing to manage the underlying infrastructure and architecture.
Of course both options have perceived benefits/disadvantages, and that is a technical discussion that we’d be more than happy to assist with. As a Splunk and AWS partner, we can help you whatever you decide.
So let’s say you have chosen option 1, how easy is it?
AWS EC2 is well designed and suited to the model of horizontal scaling, and if you use the Splunk maintained AWS AMI you can deploy Splunk in just a few clicks. Amazon Linux 2 is also supported, so you can use Splunk with an EC2 optimised operating system.
If you need to retain logs for longer but need to keep costs for storage low, you can utilise Splunk SmartStore using AWS S3 . SmartStore was introduced into Splunk from 7.2 and allows you to offload warm buckets into S3 compatible storage, with the aim of retaining the ability to search quickly and index efficiently – whilst reducing the cost of heavy local storage. Using remote storage such as AWS S3 also allows you to take advantage of S3 features such as its high availability and scalability. “Amazon S3 is designed for 99.999999999% (11 9’s) of data durability”
If you are struggling to size your EC2 instances appropriately, or need further information on distributed deployment recommendations – Splunk maintains a full technical brief for AWS deployments here. This includes recommendations on EC2 sizing based on small to large scale deployments.
And of course, with any deployment on AWS, you’d also be benefitting from all the great EC2 features such as flexible pricing, multiple availability zones, deployment of resources in different regions across the world, high performance elastic block storage and more.
Somerford are an AWS marketplace partner providing Splunk, Netskope, Hashicorp and Centrify. For further details contact us.
Get Notified for New Blogs:
We post regularly on the platforms below, notifying our audience when we publish new pieces.
