reference deployment

Splunk Enterprise on AWS

Search, monitor, and analyze machine data to gain operational intelligence

This Partner Solution deploys a distributed Splunk Enterprise environment to the Amazon Web Services (AWS) Cloud.

The Splunk platform makes machine data accessible and usable. Splunk Enterprise enables you to search, monitor, and analyze machine data from any source to gain valuable intelligence and insights across your entire organization.

With Splunk Enterprise on the AWS Cloud, you gain the flexibility of the AWS infrastructure to tailor your Splunk Enterprise deployment according to your needs, and you can modify your deployment on demand, as these needs change.

 

This Partner Solution was developed by Splunk Inc. in collaboration with AWS. Splunk is an AWS Partner.


AWS Service Catalog administrators can add this architecture to their own catalog.

  •  What you'll build
  • Use this Partner Solution to automatically set up the following Splunk Enterprise environment on AWS:

    • A virtual private cloud (VPC) configured across two Availability Zones, with a public subnet provisioned in each Availability Zone.*
    • An internet gateway to allow access from the internet to the public subnets.*
    • Two Elastic Load Balancing (ELB) load balancers: one to load-balance HTTP web traffic to the search head instances, and the other to load-balance HTTP event traffic destined for the Splunk HTTP Event Collector (HEC) across all indexer instances.
    • An AWS Identity and Access Management (IAM) user with fine-grained permissions for access to AWS services necessary for the deployment process.
    • Appropriate security groups for each instance or function to restrict access to only necessary protocols and ports.
    • In the public subnets, EC2 instances for Splunk Enterprise, including the following:
      • Splunk indexer cluster with the number of indexers you specify (3-10), distributed across the number of Availability Zones you specify.
      • Splunk search heads, either stand-alone or in a cluster, based on your input during deployment. In the latter case, the search heads are distributed across the number of Availability Zones you specify.
      • Splunk license server and indexer cluster master, co-located.
      • Splunk search head deployer, where applicable.
      • (Optional) User-provided Splunk apps and/or add-ons, loaded and pre-installed across indexers and search heads, based on your input.

    The template that deploys the Partner Solution into an existing VPC skips the tasks marked by asterisks and prompts you for your existing VPC configuration.

  •  How to deploy
  • To build your Splunk Enterprise environment on AWS, follow the instructions in the deployment guide. The deployment process includes these steps:

    1. If you don't already have an AWS account, sign up at https://aws.amazon.com.
    2. Subscribe to the Amazon Machine Image (AMI) for Splunk Enterprise in AWS Marketplace. (To take full advantage of Splunk Enterprise features, we recommend that you obtain a license by contacting sales@splunk.com.)
    3. Launch the Partner Solution. The deployment takes 10–30 minutes, depending on whether you decide to enable search head clustering. You can choose from two options:
    4. Send data to the Splunk indexers.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.  

  •  Costs and licenses
  • This Partner Solutiont requires a subscription to the Splunk Enterprise AMI, which is available from AWS Marketplace. The AMI offers a 60-day trial license that provides limited access to Splunk Enterprise features. To use this Partner Solution, you must obtain a Splunk Enterprise license by contacting sales@splunk.com.

    You are responsible for the cost of the AWS services and any third-party licenses used while running this solution. There is no additional cost for using the solution.

    This solution includes configuration parameters that you can customize. Some of these settings, such as instance type, affect the cost of deployment. For cost estimates, refer to the pricing pages for each AWS service you use. Prices are subject to change.

    Tip: After you deploy a solution, create AWS Cost and Usage Reports to track associated costs. These reports deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. They provide cost estimates based on usage throughout each month and aggregate the data at the end of the month. For more information, refer to What are AWS Cost and Usage Reports?