Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

splunk cloud

trojan_81
Path Finder
‎10-30-2020 04:10 PM

Hello all,

My organization is using splunk cloud.  I log into splunk cloud to run searches and also access the enterprise security app from there as well.

Given the above statement, are the below statements correct?

1. Splunk cloud is doing these roles:  indexer and search head

2. Splunk cloud is the same thing as splunk enterprise

 

Labels (1)
Labels
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-31-2020 12:19 AM

Hi @trojan_81,

about your assertions:

1. Splunk cloud is doing these roles:  indexer and search head

Splunk roleas are always the same, but you don't see Indexers, only Search Heads; Indexers are used but they are outside of your control.

2. Splunk cloud is the same thing as splunk enterprise

If you're speaking of features, Splunk Cloud and Splunk Enterprise are more or less aligned.

if you're speaking of architecture, they are only a few different:

  • you don't access Indexers, only Search Heads,
  • for Splunk Cloud is a best practice to use at least two Heavy Forwarders as concentrators between your targets and Splunk, for Splunk Enterprise you don't need them.

In both cases, you need a Deployment Server and Universal Forwarders.

If you're speaking of data retention, in Splunk Cloud you have to deeply analyze your requirements because there are limitis in retention, instead in Splunk Enterprise retention depends only on available storage.

At least, if you're speaking of management, in Splunk Cloud you have an Indexer Cluster and a search Head Cluster that you don't need to manage and maintain and you haven't problems of resources and performaces, otherwise, in Splunk Enterprise you have to design, install, configure and maintain them.

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution

inventsekar
SplunkTrust
SplunkTrust
‎10-31-2020 04:46 PM

Hi @trojan_81 .. For future questioners, let me post this as a reference:

1. OnSplunk Docs page, tab 4 is the "Deploy", which gives lots of ideas for splunk design and deployment architectures

https://docs.splunk.com/Documentation/Splunk

2. Splunk training provides these 4 free courses - 

https://www.splunk.com/en_us/training/free-courses/overview.html

 

Happy Splunking | Best Regards | Sekar | PS - Karma points appreciated!

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-31-2020 12:19 AM

Hi @trojan_81,

about your assertions:

1. Splunk cloud is doing these roles:  indexer and search head

Splunk roleas are always the same, but you don't see Indexers, only Search Heads; Indexers are used but they are outside of your control.

2. Splunk cloud is the same thing as splunk enterprise

If you're speaking of features, Splunk Cloud and Splunk Enterprise are more or less aligned.

if you're speaking of architecture, they are only a few different:

  • you don't access Indexers, only Search Heads,
  • for Splunk Cloud is a best practice to use at least two Heavy Forwarders as concentrators between your targets and Splunk, for Splunk Enterprise you don't need them.

In both cases, you need a Deployment Server and Universal Forwarders.

If you're speaking of data retention, in Splunk Cloud you have to deeply analyze your requirements because there are limitis in retention, instead in Splunk Enterprise retention depends only on available storage.

At least, if you're speaking of management, in Splunk Cloud you have an Indexer Cluster and a search Head Cluster that you don't need to manage and maintain and you haven't problems of resources and performaces, otherwise, in Splunk Enterprise you have to design, install, configure and maintain them.

Ciao.

Giuseppe

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎10-31-2020 10:53 AM

Hi @trojan_81,

good for you.

Ciao and happy splunking.

Giuseppe

P.S.: Karma Points are appreciated 😉

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Splunk Observability Metrics Cost Optimization

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...