Getting Data In

Is it possible to run Splunk using a micro services architecture?

DavidHourani
Super Champion

Hi guys,

Is it possible to run Splunk using a micro services architecture ?

I heard that it was going to be supported but are there any official documentation to support that ?

David

0 Karma
1 Solution

mattymo
Splunk Employee
Splunk Employee

Splunk Enterprise in its current form is a monolith application, but does have an api and you can run it in containerized environments to take advantage of orchestration and deployment. see https://github.com/splunk/docker-splunk & https://github.com/splunk/splunk-ansible for more on running splunk in containerized environments.

There are some walkthroughs with how to get started on docker and kubernetes. https://github.com/splunk/docker-splunk/tree/develop/test_scenarios

Did you have a container platform in mind for running your other microservices?

- MattyMo

View solution in original post

tomasmoser
Contributor

We run distributed deployment on Docker + Kubernetes even in Azure. Both IDX and SH clusters and the same for ES SIEM. Everything works just fine do far
.

mattymo
Splunk Employee
Splunk Employee

nice work! are you running your own image or the official docker-splunk?

- MattyMo
0 Karma

mattymo
Splunk Employee
Splunk Employee

Splunk Enterprise in its current form is a monolith application, but does have an api and you can run it in containerized environments to take advantage of orchestration and deployment. see https://github.com/splunk/docker-splunk & https://github.com/splunk/splunk-ansible for more on running splunk in containerized environments.

There are some walkthroughs with how to get started on docker and kubernetes. https://github.com/splunk/docker-splunk/tree/develop/test_scenarios

Did you have a container platform in mind for running your other microservices?

- MattyMo

DavidHourani
Super Champion

"Splunk Enterprise in its current form is a monolith application" yeah exactly... that's why I was asking, wasn't sure if it was supported by Splunk to have it running on docker, I guess from what you're saying it works, tutorials are out there, but that doesn't make it into a micro-service, it's still good old Splunk with all its components ?

mattymo
Splunk Employee
Splunk Employee

yep absolutely, good ol, fully featured splunkd! And just cause it isnt microserviced out, doesn’t mean there isnt still value to be gained with docker and kubernetes! We currently support our docker images used in single instance installs looking to broaden to complex clusters, orchestrators and operators in the future!

Check out our latest thoughts here: https://www.splunk.com/blog/2019/05/08/an-insider-s-guide-to-splunk-on-containers-and-kubernetes.htm...

We showed off an early preview of a Splunk Kubernetes Operator at Red Hat Summit last week!

Also announced Red Hat Univerisal base images, now available on dockerhub!

As long as you have container expertise, Splunk just works like you would expect in a VM or the like. Just need to solve for persistent storage, etc

- MattyMo
0 Karma

DavidHourani
Super Champion

That looks nice : https://www.splunk.com/blog/2018/10/24/announcing-splunk-on-docker.html
So as of .conf it is supported ?

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

It is supported but officially splunk support only S1 (single server) architecture, I am playing in my lab environment with Indexer Cluster and Single SH on Kubernetes.

While planning any deployment of Splunk, we recommend using the Splunk Validated Architectures; these deployment blueprints guide customers on selecting the right deployment architecture for Splunk. To start with, we will officially support the S1 (single server) architecture.
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...