Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Is it possible to run Splunk using a micro services architecture?

DavidHourani
Super Champion
‎05-21-2019 12:10 AM

Hi guys,

Is it possible to run Splunk using a micro services architecture ?

I heard that it was going to be supported but are there any official documentation to support that ?

David

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mattymo
Splunk Employee
Splunk Employee
‎05-21-2019 12:01 PM

Splunk Enterprise in its current form is a monolith application, but does have an api and you can run it in containerized environments to take advantage of orchestration and deployment. see https://github.com/splunk/docker-splunk & https://github.com/splunk/splunk-ansible for more on running splunk in containerized environments.

There are some walkthroughs with how to get started on docker and kubernetes. https://github.com/splunk/docker-splunk/tree/develop/test_scenarios

Did you have a container platform in mind for running your other microservices?

- MattyMo

View solution in original post

Reply
Solved! Jump to solution

tomasmoser
Contributor
‎08-23-2019 02:59 PM

We run distributed deployment on Docker + Kubernetes even in Azure. Both IDX and SH clusters and the same for ES SIEM. Everything works just fine do far
.

Reply
Solved! Jump to solution

mattymo
Splunk Employee
Splunk Employee
‎08-24-2019 10:56 AM

nice work! are you running your own image or the official docker-splunk?

- MattyMo
0 Karma
Reply
Solved! Jump to solution
Solution

mattymo
Splunk Employee
Splunk Employee
‎05-21-2019 12:01 PM

Splunk Enterprise in its current form is a monolith application, but does have an api and you can run it in containerized environments to take advantage of orchestration and deployment. see https://github.com/splunk/docker-splunk & https://github.com/splunk/splunk-ansible for more on running splunk in containerized environments.

There are some walkthroughs with how to get started on docker and kubernetes. https://github.com/splunk/docker-splunk/tree/develop/test_scenarios

Did you have a container platform in mind for running your other microservices?

- MattyMo
Reply
Solved! Jump to solution

DavidHourani
Super Champion
‎05-21-2019 10:47 PM

"Splunk Enterprise in its current form is a monolith application" yeah exactly... that's why I was asking, wasn't sure if it was supported by Splunk to have it running on docker, I guess from what you're saying it works, tutorials are out there, but that doesn't make it into a micro-service, it's still good old Splunk with all its components ?

Reply
Solved! Jump to solution

mattymo
Splunk Employee
Splunk Employee
‎05-22-2019 04:01 AM

yep absolutely, good ol, fully featured splunkd! And just cause it isnt microserviced out, doesn’t mean there isnt still value to be gained with docker and kubernetes! We currently support our docker images used in single instance installs looking to broaden to complex clusters, orchestrators and operators in the future!

Check out our latest thoughts here: https://www.splunk.com/blog/2019/05/08/an-insider-s-guide-to-splunk-on-containers-and-kubernetes.htm...

We showed off an early preview of a Splunk Kubernetes Operator at Red Hat Summit last week!

Also announced Red Hat Univerisal base images, now available on dockerhub!

As long as you have container expertise, Splunk just works like you would expect in a VM or the like. Just need to solve for persistent storage, etc

- MattyMo
0 Karma
Reply
Solved! Jump to solution

DavidHourani
Super Champion
‎05-21-2019 10:48 PM

That looks nice : https://www.splunk.com/blog/2018/10/24/announcing-splunk-on-docker.html
So as of .conf it is supported ?

0 Karma
Reply
Solved! Jump to solution

harsmarvania57
Ultra Champion
‎05-22-2019 12:51 AM

It is supported but officially splunk support only S1 (single server) architecture, I am playing in my lab environment with Indexer Cluster and Single SH on Kubernetes.

While planning any deployment of Splunk, we recommend using the Splunk Validated Architectures; these deployment blueprints guide customers on selecting the right deployment architecture for Splunk. To start with, we will officially support the S1 (single server) architecture.
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...

Global Splunk User Group Events: May + June 2026

Your Splunk Community Awaits: Discover Upcoming User Group Events Worldwide    Staying ahead in the fast-paced ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...