Get Started with Splunk Enterprise on Azure

Now you can get award-winning Splunk Enterprise with the power of the cloud! Splunk Enterprise on Azure provides all the benefits of the cloud:

  • Low total cost of owning & operating an enterprise-grade Operational Intelligence solution
  • Faster time-to-value since it is easy & quick to get started on Azure without worrying about lengthy installation and configuration processes
  • Easily scale your solution without dealing with months of hardware and capacity planning
  • Increased collaboration with access to your data anywhere, anytime and by any authorized user

This Bring Your Own License (BYOL) solution template uses Splunk's 60-day Enterprise Trial license which includes 500MB of indexing per day. Contact the Splunk sales team online if you need to extend your license or need more volume per day.

Deployment typically takes 10-30 minutes, depending on the deployment size requested. Once complete, Splunk Enterprise can be accessed at https://{domainName}.{location}.cloudapp.azure.com. For example, if the deployment is created in the West US region with the parameter domainName set to "example", Splunk Enterprise can be accessed at https://example.westus.cloudapp.azure.com using the Splunk username admin and the configured Splunk password.

A user can choose to deploy Splunk Enterprise as either a single instance or a cluster on Azure. The latter includes a cluster master, a cluster search head and a configurable number of indexer peers. Each indexer node has 8TB of disk storage available. The user can also choose the desired Azure virtual machine size for each role and configure several parameters, including administrative passwords and a custom DNS subdomain for Splunk Enterprise access.

For example, if the deployment is created in the West US region with the parameter domainName set to "example", Splunk Enterprise can be accessed at https://example.westus.cloudapp.azure.com. In addition, in the case of a cluster deployment, the cluster master can be accessed at https://example-cm.westus.cloudapp.azure.com and the indexer peers are accessible at https://example-cp{NUM}.westus.cloudapp.azure.com, where NUM is the indexer number.

The indexer peers (or the standalone instance in the case of a single instance deployment) are pre-configured to receive data on TCP port 9997. Port 8088 is also open by default for use by the Splunk HTTP(S) Event Collector.

Note: To enable secure HTTPS web access, this solution uses Splunk's default certificates, which will cause a browser warning. Please follow the instructions in Splunk Docs to secure Splunk web access with your own SSL certificates.

Note: Deploying a cluster will most likely need more than 20 cores, which will require an increase in your default Azure core quota for ARM. Please contact Microsoft support to increase your quota.

VERSION: 1.2.3