

AWS EC2 I3 instances Intel Workload Proof Series: Splunk Enterprise on AWS C5 vs. Once you have these figured out, you can decide which approach you want to use to onboard data optimally. Boost Splunk® Enterprise Performance by up to 5.13x with AWS EC2 C5 instances vs. On the other hand, the top reviewer of Splunk writes 'Good support with an intuitive dashboard but the cost is too high'. The top reviewer of AWS Auto Scaling writes 'A well-documented, user-friendly interface with a simple setup for the automatic launching and configuring of servers'. S3 bucket to host artifacts uploaded by CloudFormation e.g. AWS Auto Scaling is rated 10.0, while Splunk is rated 8.0. Splunk HTTP Event Collector token from your Splunk Enterprise server. Including sample architecture, AWS CloudFormation templates and Ansible playbook (links to GitHub provided). the pull-based approach (using AWS add-on), although relatively easy to set up, the push-based approach with AWS Kinesis Firehose and Splunk HEC is more reliable.

Again, everything depends on your setup: what is the volume of data that you want to onboard, what use cases you want to implement, what AWS services you can implement/use, what is your expectation on data delivery and its reliability, etc. Splunk Enterprise 6.3.0 or later, or Splunk Cloud. Learn why and how Autodesk runs Splunk Enterprise in AWS with the goals of increasing automation, scalability and responsiveness. We do have multiple AWS accounts logging to Splunk with considerably good reliability; you just need to get your configuration right.

For AWS, the bulk of the data is ingested from CloudWatch log groups using Kinesis streams; the differentiating factor in this case is how you decide to get the data into Splunk, i.e. pull-based or push-based approach.
