Hi guys,
Is it possible to run Splunk using a microservices architecture?
I heard that it was going to be supported, but is there any official documentation to support that?
David
Splunk Enterprise in its current form is a monolith application, but it does have an API, and you can run it in containerized environments to take advantage of orchestration and deployment. See https://github.com/splunk/docker-splunk & https://github.com/splunk/splunk-ansible for more on running Splunk in containerized environments.
There are some walkthroughs on how to get started on Docker and Kubernetes: https://github.com/splunk/docker-splunk/tree/develop/test_scenarios
Did you have a container platform in mind for running your other microservices?
We run a distributed deployment on Docker + Kubernetes, even in Azure. Both IDX and SH clusters, and the same for ES SIEM. Everything works just fine so far.
Nice work! Are you running your own image or the official docker-splunk?
"Splunk Enterprise in its current form is a monolith application": yeah, exactly... that's why I was asking. I wasn't sure if it was supported by Splunk to have it running on Docker. I guess from what you're saying it works and tutorials are out there, but that doesn't make it into a microservice; it's still good old Splunk with all its components?
Yep, absolutely, good ol', fully featured splunkd! And just because it isn't microserviced out doesn't mean there isn't still value to be gained with Docker and Kubernetes! We currently support our Docker images used in single instance installs, looking to broaden to complex clusters, orchestrators and operators in the future!
Check out our latest thoughts here: https://www.splunk.com/blog/2019/05/08/an-insider-s-guide-to-splunk-on-containers-and-kubernetes.htm...
We showed off an early preview of a Splunk Kubernetes Operator at Red Hat Summit last week!
Also announced Red Hat Universal Base Images, now available on Docker Hub!
As long as you have container expertise, Splunk just works like you would expect in a VM or the like. You just need to solve for persistent storage, etc.
Hi,
Splunk is supported on Docker, but as far as I know it supports single instance only.
Here are some of the reference docs:
https://www.splunk.com/blog/2018/10/24/announcing-splunk-on-docker.html
https://docs.splunk.com/Documentation/Splunk/latest/Installation/Systemrequirements#Containerized_co...
https://hub.docker.com/r/splunk/splunk/
https://splunk.github.io/docker-splunk/
If you want to look more at the Kubernetes side, then have a look at the blog posts below.
https://www.splunk.com/blog/2018/12/17/deploy-splunk-enterprise-on-kubernetes-splunk-connect-for-kub...
https://www.splunk.com/blog/2019/02/11/deploy-splunk-enterprise-on-kubernetes-splunk-connect-for-kub...
https://www.splunk.com/blog/2019/03/01/deploy-splunk-enterprise-on-kubernetes-splunk-connect-for-kub...
That looks nice: https://www.splunk.com/blog/2018/10/24/announcing-splunk-on-docker.html
So as of .conf it is supported?
It is supported, but officially Splunk supports only the S1 (single server) architecture. I am playing in my lab environment with an Indexer Cluster and a single SH on Kubernetes.
While planning any deployment of Splunk, we recommend using the Splunk Validated Architectures; these deployment blueprints guide customers on selecting the right deployment architecture for Splunk. To start with, we will officially support the S1 (single server) architecture.