Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Write Splunk indexes to different Windows Azure storage account

splunkmlx
Engager
‎02-21-2014 12:32 PM

Hi,

I'm trying to host splunk on windows Azure but want to save data indexed by Splunk on seperate storage account and not on the Azure VM where Splunk is hosted.
Can you please let me know the steps

Tags (2)
Reply

rarsan_splunk
Splunk Employee
Splunk Employee
‎03-29-2016 03:59 PM

The standard approach is to use Virtual Machine data disks or VHDs that are stored as Page Blobs in Azure Storage. Take a look at Splunk in Azure Marketplace solution to easily get started with running Splunk in Azure and storing indexes in Azure Storage. This Marketplace solution encapsulates best practices and necessary steps including opening necessary ports and setting up the appropriate security groups.

Reply

halr9000
Motivator
‎12-18-2014 12:23 PM

You could probably do this with the Azure file service which exposes an SMB share. Performance...may not be great, or even good. That would need to be vetted out thoroughly. I would be hesitant and don't recommend this approach as a best practice.

0 Karma
Reply

charris_splunk
Splunk Employee
Splunk Employee
‎02-24-2014 08:47 AM

There are no special steps required to hosting Splunk on an Azure VM. However, you must create an “endpoint" in the Azure control panel to open up communication on whichever port Splunk is running on to be able to access the Splunk Web UI remotely. See below.

http://www.windowsazure.com/en-us/documentation/articles/virtual-machines-set-up-endpoints/

For Example:
Name: Splunk Web
Protocol: HTTP
Public Port: 80 or 8000
Private Port: 8000 [default]

Splunk ports that you might want to configure endpoints for:
9997 = Default listening port for forwarder communication.
8000 = Default Splunk web (GUI) port.
8089 = Splunk management port (also used by deployment server).

alt text

0 Karma
Reply

halr9000
Motivator
‎12-18-2014 12:17 PM

I'm not seeing that this answer is relevant to the question. @charris_splunk, you want to revise the answer a bit?

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...