Hi ,
We are planning to migrate Splunk from prim to Azure Cloud . The on prim is a distributed environment with 1 SH/DS, 1 IDX, 2 HFs & 2 UFs.
We are thinking of leaving HFs and UFs on prim and move SH & IDX to Azure cloud(only to use Azure Cloud VMs). Any issues with this approach Vs moving all splunk components to Azure Could.
Thank you in advance for your su
There are no issues with either approaches. Depending on what data you are indexing you would probably need to have UFs/HFs on-prem to collect and forward data to you azure instances. Either way, since you are moving splunk to a new platform I would suggest you to take a look at Splunk's validated architectures for the best architecture that fists your org needs. With just 1 indexer you run the risk of having downtime on search and indexing in case of maintenance.
https://www.splunk.com/pdfs/technical-briefs/splunk-validated-architectures.pdf