Is it possible to run Splunk using a micro services architecture?

DavidHourani
Super Champion

Hi guys,

Is it possible to run Splunk using a micro services architecture?

I heard that it was going to be supported, but is there any official documentation to support that?

David


mattymo
Splunk Employee

Splunk Enterprise in its current form is a monolith application, but does have an API and you can run it in containerized environments to take advantage of orchestration and deployment. See https://github.com/splunk/docker-splunk & https://github.com/splunk/splunk-ansible for more on running Splunk in containerized environments.

There are some walkthroughs with how to get started on docker and kubernetes. https://github.com/splunk/docker-splunk/tree/develop/test_scenarios

Did you have a container platform in mind for running your other microservices?

- MattyMo


tomasmoser
Contributor

We run distributed deployment on Docker + Kubernetes even in Azure. Both IDX and SH clusters and the same for ES SIEM. Everything works just fine so far.

mattymo
Splunk Employee

nice work! are you running your own image or the official docker-splunk?

- MattyMo

DavidHourani
Super Champion

"Splunk Enterprise in its current form is a monolith application" yeah exactly... that's why I was asking, wasn't sure if it was supported by Splunk to have it running on docker, I guess from what you're saying it works, tutorials are out there, but that doesn't make it into a micro-service, it's still good old Splunk with all its components?

mattymo
Splunk Employee

yep absolutely, good ol, fully featured splunkd! And just cause it isn't microserviced out, doesn't mean there isn't still value to be gained with docker and kubernetes! We currently support our docker images used in single instance installs looking to broaden to complex clusters, orchestrators and operators in the future!

Check out our latest thoughts here: https://www.splunk.com/blog/2019/05/08/an-insider-s-guide-to-splunk-on-containers-and-kubernetes.htm...

We showed off an early preview of a Splunk Kubernetes Operator at Red Hat Summit last week!

Also announced Red Hat Universal base images, now available on dockerhub!

As long as you have container expertise, Splunk just works like you would expect in a VM or the like. Just need to solve for persistent storage, etc

- MattyMo

DavidHourani
Super Champion

That looks nice: https://www.splunk.com/blog/2018/10/24/announcing-splunk-on-docker.html
So as of .conf it is supported?

harsmarvania57
SplunkTrust

It is supported, but officially Splunk supports only the S1 (single server) architecture. I am playing in my lab environment with Indexer Cluster and Single SH on Kubernetes.

While planning any deployment of Splunk, we recommend using the Splunk Validated Architectures; these deployment blueprints guide customers on selecting the right deployment architecture for Splunk. To start with, we will officially support the S1 (single server) architecture.