Splunk software searches, monitors, analyzes and visualizes machine-generated big data coming from websites, applications, servers, networks, sensors and mobile devices. Splunk Enterprise is the leading platform for real-time operational intelligence, enabling organizations to search, monitor and analyze machine data to discover powerful insights across security, IT operations, application delivery, industrial data and IoT use cases.
Splunk Enterprise deployment via Azure Marketplace:
You can find the Splunk Enterprise offering in the Azure Marketplace by navigating to Marketplace in the Azure portal and searching for Splunk. Once you have selected the offer please go through the create process and enter the Basics configuration for the deployment which includes: VM user name, VM user password, Subscription, Resource group name and Location where you want to run your Splunk Enterprise.
In the Infrastructure Information section, you get to choose the size of the virtual machine, name of the Virtual Network with Address space and configure Subnets. In the Splunk settings section, choose the Public IP name, Domain name, deployment type (Single node or Cluster), admin password, IP range to SSH from and IP range to receive data from.
Marketplace will provide a summary once completed and at this point you can also download the ARM template that would be utilized to provision Splunk Enterprise. This can help customers who would want to continue launching Splunk deployments via Azure CLI/PowerShell.
For more details about Splunk ARM template and the actual Splunk deployment topology , refer to the original Splunk blog post.
To learn more about working with Azure Marketplace images refer to this article.
How to use Splunk Enterprise on Azure:
Once your deployment has completed, you can get started with the Splunk Enterprise service running in Azure. If you do not know the Splunk Enterprise URL, search for the Resource Group within which you deployed Splunk Enterprise, click on the Resource Group Name and then click on the date link below Last deployment. Click on splunk.splunk-enterprisebyol- and copy the SPLUNKURL. Paste the copied URL to your browser's address bar, enter the user name as "admin" and password as provided by you before deploying the template.
Now you are ready to set-up Splunk Add-on for Microsoft Azure.
Splunk has released a cross-platform Add-on for Microsoft Azure that collects diagnostic and performance data from Azure IaaS and PaaS and provides pre-built visualizations for analysis and insights. The Add-on also ingests Azure Audit data to keep track of changes to your Azure subscription(s) and underlying Azure resources. You can refer to the Splunk blog for more details on the Add-on for Azure.
Download the Add-on from here.
Click on Manage Apps gear in Splunk Enterprise, click on "Install app from file", browse to where you have downloaded Splunk Add-on for Microsoft Azure and Upload. You will need to restart Splunk and click on Add Data on Splunk Enterprise, when the service is back. Clicking on Monitor will take you the navigation panel and you can choose Azure Diagnostics in the left panel to fill in Azure Storage Account Name, Storage Account Access Key for the Azure Storage Account you want to monitor along with other fields.
When you are done, you can start searching and analyzing data. You can also easily build your own dashboards by using the prebuilt panels that comes with the Add-on. Refer to Splunk docs for more information on using prebuilt panels.
Here is a video demo from Splunk.
Happy Splunking on Azure!!
- In case you hit a problem provisioning the cluster, you can get detailed help by looking at the resource group you created.
- Conflict during deployment, error “Operation results in exceeding quota limits of Core.” Your deployment requires more resources than your current quota. You can request additional quota increases. Find more details here.
- Deployment succeeded, however I need help using Splunk Enterprise. Refer to Splunk Enterprise documentation for technical overview. For Splunk support, contact: firstname.lastname@example.org. For feature requests and feedback on Splunk in Azure Marketplace solution, contact email@example.com