Splunk Ninja – Cloud Power – Splunkin’ with Amazon’s EC2
I’m a big fan of cloud computing. Amazon has put together a very usable pile of computing services with their Elastic Compute Cloud (EC2). The ability to quickly provision server computing resources in a pay-to-play virtual environment is right up my alley! This video gives background on EC2, and demonstrates how fast I can get one of my Splunk Amazon EC2 images up and running. Having your own set of preconfigured images is very handy depending on your use case. I have one for the Interop data, one for Splunk Preview releases, and a few more for other configurations.
Anecdotally, I was out at a prospect and did a demo on my EC2 image in the cloud, as I often do. This time however, I used the Splunk server on my laptop to forward a pile of local logs over the internet up to the cloud instance of Splunk–in real time.
Finally, something you might want to think about as a user/customer/evaluator: Having trouble getting server resources for your Splunk eval? Set up Splunk in the cloud. But how do you get the logs up there, you ask. Splunk can be installed locally inside your firewall and and can securely forward data to other Splunk servers–namely one you are using in the cloud.
Aside from obvious benefits of using cloud services, I dig the fact that I can own it, have root on it, secure it, harden it, or do whatever I need to do with that compute capacity–heck, spin up two indexers with distributed search and 100 forwarders–all in the cloud.
I look forward to hearing from all of the naysayers about “putting my corporate data up in the cloud”. Before you jump on that horse, remember.. in the cloud you have control over that server(s) and your data on it–on other SaaS services you don’t. Paglo?