Splunk as a Service (SPS)

Splunk Enterprise is a big data management platform that receives, analyzes and processes large volumes of data. Splunk Enterprise collects data from various sources and turns it into Operational Intelligence.

Data gathered by Splunk can be searched, indexed, visualized, monitored and organized as reports.

EPAM Cloud supports Splunk as a Service based on Splunk Enterprise 6.3.1.

For more information on Splunk products and usage, visit the official Splunk website.

Have a Question?

The current page gives the general information on the service and the main workflows. However, while working with the services, our users encounter new questions they need assistance with. The most frequently asked questions on EPAM Cloud Services are gathered on the Cloud Services FAQ page.
Visit the page to check whether we have a ready answer for your question.

Related CLI Commands

The table below provides the list of service-related commands and their descriptions:

Command | Short Command | Description
--- | --- | ---
or2-manage-service...-s splunk -a | or2ms | Activates the Splunk service in the specified project and region
or2-manage-service...-s splunk-proxy -a | or2ms | Activates the Splunk proxy service in the specified project and region
or2-splunk-proxy -p project -r region -a create -n endpoint_name -i splunk_instance -x proxy_instance -t port -q quota | or2sp | Manages Splunk proxy endpoints
or2-describe-instances -S splunk [splunk-proxy] | or2din | Displays the details of VMs created during the service activation
or2-describe-services -s splunk [splunk-proxy] | or2dser | Describes the Splunk or Splunk proxy service activated in the specified project and region

Further on this page, you can find more details on managing the Splunk service.

Service Architecture

When Splunk as a Service is activated, it starts a virtual machine with a trial version of Splunk Enterprise installed. This version allows using Splunk free of charge up to the limit of 500 Mb of data per day for 60 days. After 60 days, the trial license can be converted into a perpetual free license with the same conditions.
You can also convert the license from trial to free using the Splunk web UI.

Several Splunk instances can be started for a project and region combination.

If necessary, a Splunk proxy server can also be created to manage data traffic from various endpoints. When the Splunk proxy server is running, you can specify the endpoints from which traffic is to be managed and set a quota to limit the traffic from a particular endpoint.

Several Splunk proxy servers can be created for a project and region.

Splunk as a Service Activation and Manipulation

To activate Splunk as a Service, use the or2-manage-service (or2ms) command with the -a/--activate flag and the -s/--service-name parameter with 'splunk' value:

or2ms -p project -r region -a -s splunk

By default, Splunk servers are MEDIUM-shaped VMs with Ubuntu14.04_64-bit operating system.

As soon as the Splunk service is activated, its data can be retrieved using the or2-describe-services (or2dser) command:

or2dser -p project -r region -s splunk

You can find the details on the VMs created during the service activation by calling the or2-describe-instances (or2din) command with the -S splunk parameter:

or2din -p project -r region -S splunk

Splunk Proxy Activation and Manipulation

To start a Splunk proxy server, use the or2-manage-service (or2ms) command with the -a/--activate flag and the -s/--service-name parameter with 'splunk-proxy' value:

or2ms -p project -r region -a -s splunk-proxy

By default, Splunk proxy servers are started as MEDIUM-shaped VMs with Ubuntu14.04_64-bit operating system.

Once a Splunk proxy server has been activated, you can add and manage the endpoints whose traffic is to be limited. For this purpose, a special command, or2-splunk-proxy (or2sp), is used:

or2sp -p project -r region -a create -n endpoint_name -i splunk_instance -x proxy_instance -t port -q quota

This command should specify the endpoint action to be performed (describe, create or delete), the IDs of the Splunk service instance and the Splunk proxy instance, the endpoint name and the data traffic quota in Mb set for the endpoint (for the 'create' action). The cumulative daily quota of all endpoints should not exceed 500 Mb.
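The cumulative quota rule above can be checked before any endpoint is created. The following script is an added example, not part of the Maestro CLI or the original page: it validates a planned set of endpoints against the 500 Mb daily cap and prints the matching or2sp create commands without running them. The plan format, the plan_endpoints function name, the endpoint name restriction and all sample values are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the Maestro CLI documentation). Plan lines are
# "endpoint_name port quota_mb"; that format and every sample value are constructed.
DAILY_CAP_MB=500   # cumulative daily quota limit stated on this page

# usage: plan_endpoints PROJECT REGION SPLUNK_INSTANCE PROXY_INSTANCE [USED_MB] < plan
# USED_MB: quota already allocated on the proxy, as read from "or2sp -a describe".
# Prints one "or2sp -a create" command per endpoint. Returns 1 if the cap would
# be exceeded and 2 if the plan is malformed; nothing is printed in either case.
plan_endpoints() {
  awk -v p="$1" -v r="$2" -v si="$3" -v px="$4" -v used="${5:-0}" -v cap="$DAILY_CAP_MB" '
    function fail(msg) { printf "line %d: %s\n", NR, msg > "/dev/stderr"; bad = 1 }
    BEGIN { total = used + 0 }
    NF == 0 || $1 ~ /^#/ { next }
    NF != 3 { fail("expected: name port quota_mb"); next }
    # Assumption: restrict names to a safe character set so the printed
    # commands cannot carry shell metacharacters.
    $1 !~ /^[A-Za-z0-9_-]+$/ { fail("unsafe endpoint name"); next }
    seen[$1]++ { fail("duplicate endpoint name " $1); next }
    $2 !~ /^[0-9]+$/ || $2 < 1 || $2 > 65535 { fail("bad port " $2); next }
    $3 !~ /^[0-9]+$/ || $3 < 1 { fail("bad quota " $3); next }
    {
      total += $3
      cmd[++n] = sprintf("or2sp -p %s -r %s -a create -n %s -i %s -x %s -t %s -q %s", p, r, $1, si, px, $2, $3)
    }
    END {
      if (bad) exit 2
      if (total > cap) {
        printf "planned total %d Mb exceeds the %d Mb daily cap\n", total, cap > "/dev/stderr"
        exit 1
      }
      for (k = 1; k <= n; k++) print cmd[k]
    }'
}

# Constructed sample: 100 Mb already allocated, 350 Mb planned, 450 Mb total.
plan_endpoints demo-project demo-region splunk-vm-id proxy-vm-id 100 <<'EOF'
# name      port  quota_mb
web-logs    9997  200
fw-logs     9998  150
EOF
```

Review the printed commands before running them; the script itself never calls or2sp.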

To retrieve data on the endpoints configured for a particular Splunk proxy instance, use the or2sp command with the -a describe parameter:

or2sp -p project -r region -a describe -x proxy_instance

The command returns the list of all endpoints with their maximum quotas and current quota usage.

To delete a Splunk proxy endpoint, use the or2sp command with the -a delete parameter:

or2sp -a delete -x proxy_instance -n endpoint_name

As soon as the Splunk proxy service is activated, its data can be retrieved using the or2-describe-services (or2dser) command:

or2dser -p project -r region -s splunk-proxy

You can find the details on the VMs created during the service activation by calling the or2-describe-instances (or2din) command with the -S splunk-proxy parameter:

or2din -p project -r region -S splunk-proxy

Web UI

The Splunk service has a web UI which is automatically available as soon as the service is activated.

The server URL and credentials are also returned as part of the or2-describe-services command response.

Using the provided URL, login and password, you can access the Splunk Web UI.

Pricing

The service usage price is defined by the price of the VMs created during the Splunk service activation. Each Splunk or Splunk proxy server has the following configuration:

  • Shape: MEDIUM
  • Image: Ubuntu14.04_64-bit

Therefore, the approximate monthly cost of one Splunk or Splunk proxy instance running at 100% load, 24/7, is about $58.59 in the EPAM-BY1 region (as of 08/29/2016). The price can vary depending on the region and the usage pattern.
To get more detailed estimations, please use our Cost Estimator tool.

References

More information on the Splunk Service can be found in the EPAM Cloud Services Guide. For a detailed description of the Maestro CLI commands used to manage the Splunk Service, refer to the Maestro CLI User Guide.