Hello, I was looking at getting Splunk Enterprise installed within a Google Cloud Platform network, but running 4 VMs to do so seems to be a bit expensive, especially when alternatives such as Microsoft OMS exist. I am curious, with Splunk Cloud, do I need to have any Splunk VMs running in my network? If so, how many, and what for?
Girakul,
Splunk Enterprise can run on anything from one VM to hundreds. You only need more than one VM if your work load is too much for it.
http://docs.splunk.com/Documentation/Splunk/7.0.0/Capacity/IntroductiontocapacityplanningforSplunkEn... has a lot of information on this.
If you choose splunk cloud, the splunk environment will mostly be managed by the splunk cloud team and you will not have to install any dedicated vms on your network. You'll only have to install the forwarders on machines that you want to send logs to the cloud from.
What are the forwarders? Agents on the VMs?
Yes, forwarders are installed on anything you want to send logs, to splunk, from (desktops, servers, etc...).