Wondering if there are any best practices (or reference architectures) for running Splunk against an Azure (or another cloud) solution where there are, for example, multiple web servers, and in this case a very large number of worker nodes. There could also be n number of these deployments. So essentially LOTS of cloud VM instances. All the logs are automatically transferred to Azure Table Storage.
We don't want to have to transfer all this data on-premise as it could get a little unwieldy.
Would the best approach be to run Splunk up on a VM in the cloud and have it download the logs to local storage? This could be problematic if the VM was recycled as the local storage could (will eventually) get wiped...
Appreciate any guidance.
Thanks,
Dave