Splunk Enterprise

splunk cloud or splunk enterpise which one should i use

himanish2008
Explorer

I am using a trial version in my laptop for connecting to apigee a cloud based api management platform.Apigee is google product.
Which one should i use splunk enterprise or splunk cloud?
Please suggest....

Data will come in by the tcp connection...

0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi himanish2008,
you should choose the best solution following your digital strategy:

  • if you're applying a digital transformation to cloud, use Splunk Cloud,
  • if your policies want to maintain data in your own infrastructure Usually banks do this), use Splunk Enterprise on-premise.

In addition, you should define your infrastructure requirements:

  • do you want High Availability?
  • what's your infrastructure availability (servers, management, resources, skilled people, etc...)?
  • have you a large infrastrucre to monitor?

I can report my experience:

  • if you're starting with Splunk, it's easier to have an on premise installation to continuously access the servers, instead on Cloud you have to ask some jobs to Splunk that has own Service Level Agreement,
  • if you haven't many servers and people to manage them, Splunk Cloud solves many problems and gives HA features (to manage many logs and and users with HA features you need many Servers).

Anyway, remember that if you choose Splunk Cloud, you have to use also some on premise features:

  • at least two (or more) Heavy Forwarders to concentrate logs and send them to Cloud,
  • install agent (Universal Forwarders) on servers to monitor;
  • install a Deployment Server to manage all the Universal Forwarders (if you have more than 50 UFs you need a dedicated server)
  • use Heavy Forwarders to ingest and send to Cloud syslogs.

Anyway, on your desktop you can use only Splunk on-premise obviously.
At the end, as you already understood, the choose is a trategic choose not a technical choose.

Bye.
Giuseppe

View solution in original post

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi himanish2008,
you should choose the best solution following your digital strategy:

  • if you're applying a digital transformation to cloud, use Splunk Cloud,
  • if your policies want to maintain data in your own infrastructure Usually banks do this), use Splunk Enterprise on-premise.

In addition, you should define your infrastructure requirements:

  • do you want High Availability?
  • what's your infrastructure availability (servers, management, resources, skilled people, etc...)?
  • have you a large infrastrucre to monitor?

I can report my experience:

  • if you're starting with Splunk, it's easier to have an on premise installation to continuously access the servers, instead on Cloud you have to ask some jobs to Splunk that has own Service Level Agreement,
  • if you haven't many servers and people to manage them, Splunk Cloud solves many problems and gives HA features (to manage many logs and and users with HA features you need many Servers).

Anyway, remember that if you choose Splunk Cloud, you have to use also some on premise features:

  • at least two (or more) Heavy Forwarders to concentrate logs and send them to Cloud,
  • install agent (Universal Forwarders) on servers to monitor;
  • install a Deployment Server to manage all the Universal Forwarders (if you have more than 50 UFs you need a dedicated server)
  • use Heavy Forwarders to ingest and send to Cloud syslogs.

Anyway, on your desktop you can use only Splunk on-premise obviously.
At the end, as you already understood, the choose is a trategic choose not a technical choose.

Bye.
Giuseppe

0 Karma

woodcock
Esteemed Legend

Cloud runs in cloud so use full Splunk Enterprise with a FREE developer license, but if you are sending TCP, then you should be running syslog-ng to receive it and forward to splunk by dropping to disk or using the Http Event Collector.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

By definition, Splunk Cloud runs in the cloud, not on your laptop. Therefore, you must run Splunk Enterprise on your laptop.

Try the Add-on for Apigee Edge Private Cloud app (https://splunkbase.splunk.com/app/4064/#/details).

---
If this reply helps you, Karma would be appreciated.
0 Karma

himanish2008
Explorer

Please help me connect to apigee a google based api management platform..

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...