Deploy Splunk Enterprise

Last updated: 10/25/2016

Deploy Splunk Enterprise as a single instance or a distributed cluster to quickly and easily get started with Splunk in Azure. To deploy on Azure Government, go to the Azure quick start repository via the Browse on GitHub button.

This Azure Resource Manager template was created by a member of the community and not by Microsoft. Each Resource Manager template is licensed to you under a license agreement by its owner, not Microsoft. Microsoft is not responsible for Resource Manager templates provided and licensed by community members and does not screen for security, compatibility, or performance. Community Resource Manager templates are not supported under any Microsoft support program or service, and are made available AS IS without warranty of any kind.

Parameters

Parameter Name Description
location Location where resources will be provisioned
storageAccountType Storage account type which determines data redundancy and underlying drive type
deploymentType Splunk deployment type
standaloneVmSize Size of standalone VM
clusterMasterVmSize Size of cluster master VM
clusterSearchheadVmSize Size of cluster search head VM
clusterIndexerVmSize Size of cluster indexer VM
clusterIndexerVmCount Count of indexer nodes
adminUsername Username for the VMs
adminPassword Password for the VMs
splunkAdminPassword Password for Splunk admin
virtualNetworkName Name of the virtual network that the consumer wants to use
virtualNetworkNewOrExisting Identifies whether to use new or existing Virtual Network
virtualNetworkExistingRGName Name of resource group of existing Virtual Network (if applicable)
virtualNetworkAddressPrefix Virtual network address CIDR
subnet1Name Subnet for the Search Head
subnet2Name Subnet for the Indexers
subnet1Prefix Search Head subnet CIDR
subnet2Prefix Indexer subnet CIDR
subnet1StartAddress Search Head subnet start address
subnet2StartAddress Indexer subnet start address
sshFrom CIDR block from which SSH access is allowed (default: SSH access from anywhere)
forwardedDataFrom CIDR block from which forwarded data is allowed (default: data can be received from anywhere)
domainNamePrefix Prefix for the domain name used to access Splunk, in the format {prefix}.{location}.cloudapp.azure.com, e.g. mysplunk.westus.cloudapp.azure.com. The prefix must match the regular expression ^[a-z][a-z0-9-]{1,61}[a-z0-9]$ or an error is raised.
publicIPName Name of the Search Head public IP address
templateLocation Template file location

Use the template

PowerShell

New-AzureRmResourceGroupDeployment -Name <deployment-name> -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/azure/azure-quickstart-templates/master/splunk-on-ubuntu/azuredeploy.json
Install and configure Azure PowerShell

Command line

azure config mode arm
azure group deployment create <my-resource-group> <my-deployment-name> --template-uri https://raw.githubusercontent.com/azure/azure-quickstart-templates/master/splunk-on-ubuntu/azuredeploy.json
Install and Configure the Azure Cross-Platform Command-Line Interface
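
Because sshFrom and forwardedDataFrom default to "anywhere" and domainNamePrefix is rejected unless it matches the stated pattern, the following added example (not part of the template or the original page) checks those three values before deployment and writes them into a parameters file. The function names, the IPv4-only check, and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-deployment checks for three of the template's parameters.

# domainNamePrefix must match the regular expression quoted in the table.
valid_prefix() {
  printf '%s\n' "$1" | grep -Eq '^[a-z][a-z0-9-]{1,61}[a-z0-9]$'
}

# Accept only an IPv4 CIDR with prefix length 1-32. Anything else, including
# "*" or 0.0.0.0/0 (assumed spellings of "anywhere"), is refused.
restricted_cidr() {
  case $1 in
    */*) ;;
    *) return 1 ;;
  esac
  ip=${1%/*}
  len=${1##*/}
  printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  printf '%s\n' "$len" | grep -Eq '^[0-9]{1,2}$' || return 1
  [ "$len" -ge 1 ] && [ "$len" -le 32 ] || return 1
  old_ifs=$IFS; IFS=.
  set -- $ip
  IFS=$old_ifs
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
}

# Print a Resource Manager parameters file, or fail without printing one.
# Arguments: domainNamePrefix sshFrom forwardedDataFrom
build_params() {
  valid_prefix "$1" || { echo "bad domainNamePrefix: $1" >&2; return 1; }
  restricted_cidr "$2" || { echo "sshFrom is not a restricted CIDR: $2" >&2; return 1; }
  restricted_cidr "$3" || { echo "forwardedDataFrom is not a restricted CIDR: $3" >&2; return 1; }
  cat <<EOF
{
  "\$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "domainNamePrefix": { "value": "$1" },
    "sshFrom": { "value": "$2" },
    "forwardedDataFrom": { "value": "$3" }
  }
}
EOF
}

# Constructed sample values (documentation address ranges).
build_params mysplunk 203.0.113.0/24 198.51.100.0/24
```

Save the output to a file and pass it with -TemplateParameterFile (PowerShell) or --parameters-file (azure CLI); the remaining template parameters still have to be supplied.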