Deployment Architecture

Write Splunk indexes to different Windows Azure storage account

splunkmlx
Engager

Hi,

I'm trying to host Splunk on Windows Azure but want to save data indexed by Splunk on a separate storage account and not on the Azure VM where Splunk is hosted.
Can you please let me know the steps?


rarsan_splunk
Splunk Employee

The standard approach is to use Virtual Machine data disks or VHDs that are stored as Page Blobs in Azure Storage. Take a look at the Splunk in Azure Marketplace solution to easily get started with running Splunk in Azure and storing indexes in Azure Storage. This Marketplace solution encapsulates best practices and necessary steps, including opening necessary ports and setting up the appropriate security groups.

halr9000
Motivator

You could probably do this with the Azure file service which exposes an SMB share. Performance...may not be great, or even good. That would need to be vetted out thoroughly. I would be hesitant and don't recommend this approach as a best practice.

0 Karma
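The data-disk approach from rarsan_splunk's answer, as an added `indexes.conf` sketch that is not part of the original posts. It assumes the Azure data disk is attached to the VM and mounted as `F:\`; the drive letter, the directory, the index name `azure_example` and the size cap are hypothetical values chosen for illustration.

```ini
# %SPLUNK_HOME%\etc\system\local\indexes.conf
# Added example: keep index buckets on an attached Azure data disk
# (a VHD stored as a page blob) instead of the VM's OS or temporary disk.

# Assumption: the data disk is mounted as F:\ and F:\splunk_indexes exists
# and is writable by the account the Splunk service runs as.
[volume:azure_data]
path = F:\splunk_indexes
# Cap total usage below the disk's capacity so Splunk rolls buckets off
# before the disk fills. 450000 MB is a placeholder for a ~500 GB disk.
maxVolumeDataSizeMB = 450000

# Hypothetical index name; repeat the three paths for each index
# that should live on the data disk.
[azure_example]
homePath = volume:azure_data/azure_example/db
coldPath = volume:azure_data/azure_example/colddb
# thawedPath cannot reference a volume, so it takes a literal path.
thawedPath = F:\splunk_indexes\azure_example\thaweddb
```

Restart Splunk after editing `indexes.conf` so the new paths take effect.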

charris_splunk
Splunk Employee

There are no special steps required to host Splunk on an Azure VM. However, you must create an "endpoint" in the Azure control panel to open up communication on whichever port Splunk is running on to be able to access the Splunk Web UI remotely. See below.

http://www.windowsazure.com/en-us/documentation/articles/virtual-machines-set-up-endpoints/

For example:
Name: Splunk Web
Protocol: HTTP
Public Port: 80 or 8000
Private Port: 8000 [default]

Splunk ports that you might want to configure endpoints for:
9997 = Default listening port for forwarder communication.
8000 = Default Splunk web (GUI) port.
8089 = Splunk management port (also used by deployment server).


0 Karma

halr9000
Motivator

I'm not seeing that this answer is relevant to the question. @charris_splunk, you want to revise the answer a bit?

0 Karma