Deploying Splunk in Amazon Web Services
The typical components that make up a Splunk deployment include Splunk forwarders, indexers and search heads. Splunk Enterprise is a single package that can perform one or many of the roles that each component would normally deliver, in addition to others. The software can be installed within minutes on your choice of hardware (physical, cloud or virtual) and operating system. The package is available as a public AMI (Amazon Machine Image) in addition to downloadable packages for most operating systems. While all major Splunk components can be run from a single installation on a single cloud instance, they can also run independently in different cloud instances. Depending on the deployment infrastructure, care must also be taken to allocate the proper amount of resources to each component type.
Splunk is the “all you can eat” machine data insight engine. Splunk has taken the data that has been flowing out of our compute infrastructures for years and applied an unmatched indexing and search capability to correlate events and to monitor and expound on key operational and business metrics, while dramatically reducing “Mean Time to Resolution”.
Splunk can ingest data from:
- All major Hypervisors (VMware ESXi, Microsoft Hyper-V, Citrix Xen)
- All major Server Operating Systems (Windows, Linux)
- All major Enterprise Applications (WebServer)
- All major Web Server logs (IIS, Apache, etc.)
- All major Networking Devices (Switches, Routers)