- Splunk Answers
- :
- Splunk Administration
- :
- Monitoring Splunk
- :
- Re: Using one instance of splunk to monitor aws an...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Using one instance of splunk to monitor aws and azure
Hi,
Is it possible to use one instance of Splunk to monitor two cloud vendor environments? As in an AWS and an Azure, and what would the architecture look like? Also, are there any downsides to doing this?
Thanks,
Anthony
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would suggest, for your own sanity, setting up an indexer cluster and having AWS as one site and Azure as another, but monitoring both environments from one Splunk instance is easily achieved.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why exactly would you recommend that? It means managing two different types of infrastructure, also different instance types and all. I would say it is much easier to manage a Splunk cluster that is fully built on either AWS or Azure, not split across both?
I can imagine it might be a bit easier if you can point Azure sources to the Azure indexer site and AWS sources to the AWS indexer site, but wondering if that advantage outweighs the disadvantages of having such a split set up?
If you do so: do make sure latency between those 2 environments is within acceptable limits. https://answers.splunk.com/answers/317146/what-is-the-maximum-latency-we-should-see-between.html mentions 100ms as a guideline.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My thoughts are around scale, as we could go with a number of cloud offerings over many tiers which we could then end up running loads of different splunk instances.. so I am concerned from an analysis point of view where we could end of with loads of screens to watch. and yes we would have indexers in both site environments to keep that continuity.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As long as you can arrange connectivity from each of those environments to your Splunk environment: sure.
Enabling connectivity from a certain cloud environment to somewhere else might be a bit more difficult than arranging connectivity within the environment, but technically there is no reason why you couldn't send logs from AWS hosted devices and from Azure hosted systems to a single Splunk environment.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your answer, that is very helpful.
Index This | I’m short for "configuration file.” What am I?
New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...
Your Guide to SPL2 at .conf24!
