Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Write Splunk indexes to different Windows Azure storage account

splunkmlx
Engager
‎02-21-2014 12:32 PM

Hi,

I'm trying to host splunk on windows Azure but want to save data indexed by Splunk on seperate storage account and not on the Azure VM where Splunk is hosted.
Can you please let me know the steps

Tags (2)
Reply

rarsan_splunk
Splunk Employee
Splunk Employee
‎03-29-2016 03:59 PM

The standard approach is to use Virtual Machine data disks or VHDs that are stored as Page Blobs in Azure Storage. Take a look at Splunk in Azure Marketplace solution to easily get started with running Splunk in Azure and storing indexes in Azure Storage. This Marketplace solution encapsulates best practices and necessary steps including opening necessary ports and setting up the appropriate security groups.

Reply

halr9000
Motivator
‎12-18-2014 12:23 PM

You could probably do this with the Azure file service which exposes an SMB share. Performance...may not be great, or even good. That would need to be vetted out thoroughly. I would be hesitant and don't recommend this approach as a best practice.

0 Karma
Reply

charris_splunk
Splunk Employee
Splunk Employee
‎02-24-2014 08:47 AM

There are no special steps required to hosting Splunk on an Azure VM. However, you must create an “endpoint" in the Azure control panel to open up communication on whichever port Splunk is running on to be able to access the Splunk Web UI remotely. See below.

http://www.windowsazure.com/en-us/documentation/articles/virtual-machines-set-up-endpoints/

For Example:
Name: Splunk Web
Protocol: HTTP
Public Port: 80 or 8000
Private Port: 8000 [default]

Splunk ports that you might want to configure endpoints for:
9997 = Default listening port for forwarder communication.
8000 = Default Splunk web (GUI) port.
8089 = Splunk management port (also used by deployment server).

alt text

0 Karma
Reply

halr9000
Motivator
‎12-18-2014 12:17 PM

I'm not seeing that this answer is relevant to the question. @charris_splunk, you want to revise the answer a bit?

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...