Deployment Architecture

Write Splunk indexes to different Windows Azure storage account

splunkmlx
Engager

Hi,

I'm trying to host splunk on windows Azure but want to save data indexed by Splunk on seperate storage account and not on the Azure VM where Splunk is hosted.
Can you please let me know the steps

Tags (2)

rarsan_splunk
Splunk Employee
Splunk Employee

The standard approach is to use Virtual Machine data disks or VHDs that are stored as Page Blobs in Azure Storage. Take a look at Splunk in Azure Marketplace solution to easily get started with running Splunk in Azure and storing indexes in Azure Storage. This Marketplace solution encapsulates best practices and necessary steps including opening necessary ports and setting up the appropriate security groups.

halr9000
Motivator

You could probably do this with the Azure file service which exposes an SMB share. Performance...may not be great, or even good. That would need to be vetted out thoroughly. I would be hesitant and don't recommend this approach as a best practice.

0 Karma

charris_splunk
Splunk Employee
Splunk Employee

There are no special steps required to hosting Splunk on an Azure VM. However, you must create an “endpoint" in the Azure control panel to open up communication on whichever port Splunk is running on to be able to access the Splunk Web UI remotely. See below.

http://www.windowsazure.com/en-us/documentation/articles/virtual-machines-set-up-endpoints/

For Example:
Name: Splunk Web
Protocol: HTTP
Public Port: 80 or 8000
Private Port: 8000 [default]

Splunk ports that you might want to configure endpoints for:
9997 = Default listening port for forwarder communication.
8000 = Default Splunk web (GUI) port.
8089 = Splunk management port (also used by deployment server).

alt text

0 Karma

halr9000
Motivator

I'm not seeing that this answer is relevant to the question. @charris_splunk, you want to revise the answer a bit?

0 Karma
Get Updates on the Splunk Community!

Monitoring MariaDB and MySQL

In a previous post, we explored monitoring PostgreSQL and general best practices around which metrics to ...

Financial Services Industry Use Cases, ITSI Best Practices, and More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Splunk Federated Analytics for Amazon Security Lake

Thursday, November 21, 2024  |  11AM PT / 2PM ET Register Now Join our session to see the technical ...