- Splunk Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- integration of onpremise data with splunk on azure...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
integration of onpremise data with splunk on azure cloud environment
How can I integrate on-premise Splunk data with splunk on azure cloud.I just wanted High level view like if I can get data from on-premise by installing universal forwarder or need HF in on-prem as well. On Azure cloud I have multisite splunk architecture.
is there any latency which I need to consider etc.
Thanks,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No generic need for HFs on premise to send to Indexers in Azure. Better even to keep it to UFs as much as possible, since the cooked data sent by HFs is much bigger and is more likely to cause issues on the internet connections of your on premise environment.
Whether latency could be a problem depends a bit on your tolerances for how close to real-time your data should get indexed and how much latency you have on your internet connections. In very severe cases it could cause some trouble when you have enabled acknowledgements and those do not arrive back in time, more on that here: https://docs.splunk.com/Documentation/Forwarder/latest/Forwarder/Protectagainstthelossofin-flightdat...
But in general, latency is not a major concern between forwarders and indexers.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks @FrankVl .
lets suppose some data I want in on-premise Splunk and same data over cloud then if I make sendCookedData=false then it will not send cooked data isn't it?
also is there anything which I need to consider?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you please provide a bit clearer description of what you envision your set up to look like and what you want to achieve? Because from this new question I get that you also have an on-premise splunk environment (so not just data collection into your Azure hosted cluster)?
If you want to route parts of your data to on-premise indexers and part of it to the cloud, that could very well be a reason for needing Heavy Forwarders.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes @FrankVl I have Splunk setup on on-premise as well on azure cloud . And I am integrating on-premise data with splunk on azure so that I will get consolidated view on azure cloud.i.e. both on-prem and cloud data in one place. that's what my final goal is.
as of now I want all on-prem data to be feed in cloud irresoecive of it is indexed in on-prem as in future on-prem splunk solution may closed.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Then you could start by adding the cloud environment as a second target group in all your existing on premise output confs next to your on premise target. That way, the data of those on premise forwarders is also sent to your cloud environment.
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
