AWS Quick Starts

Splunk Enterprise on AWS

Search, monitor, and analyze machine data to gain operational intelligence and insights

Deploy Splunk Enterprise into a new VPC on AWS

or deploy Splunk Enterprise into your existing VPC

(Deployment requires subscription to the Splunk AMI)

View deployment guide

Quick Start architecture for Splunk Enterprise on the AWS Cloud

To deploy a Splunk Enterprise cluster on AWS, view the Quick Start deployment guide. The guide provides step-by-step instructions to help you get the most out of your Splunk Enterprise deployment. To try out additional Quick Starts, view our complete catalog.

splunk-logo_quickstart


Use this Quick Start to deploy a distributed Splunk Enterprise environment on the AWS Cloud.

The Splunk platform makes machine data accessible, usable, and valuable to everyone. Splunk Enterprise enables you to search, monitor, and analyze machine data from any source to gain valuable intelligence and insights across your entire organization.

With Splunk Enterprise on the AWS Cloud, you gain all the flexibility of the AWS infrastructure to tailor your Splunk Enterprise deployment according to your needs, and you can modify your deployment on demand, as these needs change.

This Quick Start includes AWS CloudFormation templates that deploy Splunk Enterprise automatically into a highly available AWS Cloud environment.

  • What you'll build

    Use this Quick Start to set up the following Splunk Enterprise environment on AWS:

    • A virtual private cloud (VPC) configured across two Availability Zones, with a public subnet provisioned in each Availability Zone, if you choose to deploy Splunk Enterprise into a new VPC.
    • The Elastic Load Balancing service, which provides HTTP load balancing across the search head instances.
    • An IAM user with fine-grained permissions for access to AWS services necessary for the deployment process.
    • Appropriate security groups for each instance or function to restrict access to only necessary protocols and ports.
    • In the public subnets, EC2 instances for Splunk Enterprise, including the following:

      • Splunk indexing cluster with the number of indexers you specify (3-10)
      • Splunk search heads, either stand-alone or clustered, based on your input
      • Splunk license server and index cluster master
      • Splunk search head deployer, where applicable
    • Your choice to create a new VPC or deploy Splunk Enterprise into your existing VPC.


    For details, see the Quick Start deployment guide.

  • Deployment details

    Build your Splunk Enterprise cluster in 10-30 minutes, in a few simple steps:

    1. Sign up for an AWS account at https://aws.amazon.com.
    2. Subscribe to the Splunk Enterprise AMI in the AWS Marketplace. (To take full advantage of Splunk Enterprise features, we recommend that you first obtain a license by contacting sales@splunk.com.)
    3. Launch the Quick Start into a new VPC, if you want to build a new AWS infrastructure. (View template)
      -or-
      Launch the Quick Start into an existing VPC, if you already have your AWS environment set up. (View template)
      Each deployment takes 10-30 minutes, depending on whether you decide to enable search head clustering.
    4. Use the Splunk universal forwarder to send data to the indexers, and an add-on tool to ingest and visualize data from AWS services. 


    To customize your deployment, you can choose different instance types for Splunk Enterprise resources, choose the number of instances, replication factor, and indexer disk size, and optionally deploy an Splunk search head cluster.  

    For detailed instructions, see the Quick Start deployment guide.

  • Cost and licenses

    You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using the Quick Start.

    The AWS CloudFormation template for this Quick Start includes configuration parameters that you can customize. Some of these settings, such as instance type, will affect the cost of deployment. For cost estimates, see the pricing pages for each AWS service you will be using.

    This Quick Start requires a subscription to the Amazon Machine Image (AMI) for Splunk Enterprise, which is available from AWS Marketplace. The AMI offers a 60-day trial license that provides limited access to Splunk Enterprise features. In order to utilize the deployment created by this Quick Start, you will need to obtain a Splunk Enterprise license by contacting sales@splunk.com.