Splunk Cloud Platform

When migrating to Splunk Cloud, what are things to be known?

rahulhari88
Explorer

Hi,

Can someone help me with the following questions?
1) My current setup is on-premise and I plan to migrate to Splunk Cloud. What things should I know?
I don't want historical data to be transferred to cloud.
2) Suppose I have 1000 UFs and 5 syslog servers, how should I be sending this data?
3) Should I install the Splunk credential package on all of these 1000 + 5 machines, or should I deploy a HF before and then send it to Splunk Cloud?
4) Is there any encryption and compression of data that I have to do before sending to cloud, or is it taken care of by Splunk?

0 Karma

Richfez
SplunkTrust

1) is a giant question.  🙂  The shortest story here is probably to understand the Admin differences - what you will no longer be able to do yourself and will need a ticket for.  The second is to understand the licensing and billing you will be using and how that may affect things.  A lot of that is covered in the Splunk Cloud Platform Migration Success Guide.

2 and 3 both) It's generally best to send from the UFs direct to cloud, that way all your indexers will equally participate in receiving the data. Ditto with your syslog servers - they already have a UF/HF on them, I'd suspect, to grab the data sent in by syslog and send it into your on-prem instance, so you just need to reconfigure those to forward data to your cloud instance instead of on-prem instance. In your cloud instance you'll find an app called the (or some variation of) Splunk universal forwarder credentials package. Click that and it has instructions and a little app to install on your forwarders to teach them how to talk to your cloud instance.

You could send your syslog directly in to cloud too, using the SC4S app from Splunk.

4) I believe Splunk Cloud only accepts encrypted streams (https) so the encryption is enforced by the Splunk universal forwarder credentials package you can download from your cloud instance to set up your forwarders.  Compression is not necessary.

 

I hope that helps!

-Rich

0 Karma
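For the encryption question (4) and the forwarder reconfiguration described in the answer above, here is an added example, not part of the thread and not Splunk's own code, that audits a forwarder's merged `outputs.conf` for output groups that would send unencrypted or unverified streams. The setting names are real `outputs.conf` settings; the group names, hostnames and paths in the sample are constructed placeholders, and the parser assumes every setting sits under a stanza header.

```python
import configparser

# Constructed sample of a forwarder's merged outputs.conf mid-migration.
# Group names, hostnames and paths are placeholders, not values from the thread.
SAMPLE = """
[tcpout]
defaultGroup = onprem_indexers

[tcpout:onprem_indexers]
server = idx1.example.internal:9997, idx2.example.internal:9997

[tcpout:cloud_placeholder]
server = inputs.placeholder-stack.example.com:9997
clientCert = $SPLUNK_HOME/etc/apps/placeholder_app/default/client.pem
sslVerifyServerCert = true
"""

def audit_outputs(conf_text):
    """Return {group: [findings]} for each [tcpout:<group>] stanza."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = str  # Splunk setting names are case-sensitive
    cp.read_string(conf_text)
    base = dict(cp["tcpout"]) if cp.has_section("tcpout") else {}
    defaults = {g.strip() for g in base.get("defaultGroup", "").split(",")}
    report = {}
    for section in cp.sections():
        if not section.startswith("tcpout:"):
            continue
        group = section.split(":", 1)[1]
        eff = {**base, **cp[section]}  # group settings override [tcpout]
        findings = []
        # useSSL = legacy (the default) means TLS is on only if a cert is set.
        use = eff.get("useSSL", "legacy").lower()
        has_cert = "clientCert" in eff or "sslCertPath" in eff
        tls = use == "true" or (use == "legacy" and has_cert)
        if not tls:
            findings.append("no TLS settings: stream is not encrypted")
        elif eff.get("sslVerifyServerCert", "false").lower() != "true":
            findings.append("TLS enabled but server certificate not verified")
        if group not in defaults:
            findings.append("not listed in defaultGroup")
        report[group] = findings
    return report

if __name__ == "__main__":
    for group, findings in audit_outputs(SAMPLE).items():
        print(group, "->", findings or ["ok"])
```

On a real forwarder the input would be the merged configuration rather than a single file, since the credentials app and any older on-prem app can both define `[tcpout]`.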