My client has purchased Splunk Azure licenses and we are about to implement the same. As this is the first time I am about to implement on a cloud instance, I wanted to understand how the data needs to be fetched from the Perimeter Network Devices and Windows servers in their environment.
Can the Splunk Heavy Forwarder be installed on a Syslog server where the perimeter devices log data and then forward it to the search head instance?
Can you please provide me a document which details Azure deployment step by step if available?
There is nothing Azure specific but here should be everything that you need:
https://www.splunk.com/pdfs/technical-briefs/splunk-validated-architectures.pdf
https://answers.splunk.com/answers/118859/diagram-of-splunk-common-network-ports.html
http://www.georgestarcher.com/splunk-success-with-syslog/
Do not use HF for your syslog, use UF.
Thank you for the quick response. Much appreciated @WoodCock. Shall review the same now.