Been tasked with deploying a highly available and scalable setup of Splunk in AWS.
I've looked briefly at two methods currently: deploying a clustered approach to search heads and indexers on EC2 instances, and using the Kubernetes Operator for Splunk to achieve the same. The questions I have regarding this are below...
Does anyone have experience with this and what deployment method would you recommend?
With your recommended approach can you autoscale components or does this need to be scaled manually?
Best way to get data into Splunk with enterprise?
Would really appreciate any advice you could offer! Thank you.
Have you considered using Splunk Cloud Platform? They've already solved the problems you're asking about.