Announcing Splunk Enterprise in Microsoft Azure Marketplace

We are pleased to announce the release of Splunk Enterprise in Microsoft Azure Marketplace!

Now Azure customers can deploy and purchase Azure-certified Splunk Enterprise clusters in minutes, with the entire point-and-click workflow contained within their Azure portal.

This Bring-Your-Own-License offering on Azure IaaS provides Splunk customers another platform for self-managed Splunk deployments, in addition to on-premise and other public cloud deployment options.


What can Splunk Enterprise in Azure Marketplace do for you?

Our mission at Splunk is to make machine data accessible, usable and valuable to everyone. We strive to turn machine data into valuable insights in as little time as possible to help businesses in their journey towards operational intelligence:

Time to value flowchart

Splunk Enterprise in Azure Marketplace enables and accelerates that journey by dramatically simplifying the deployment phase, where a Splunk Enterprise solution is provisioned in a matter of minutes using Linux VMs and other Azure cloud resources in any user-selected Azure region around the world (there are 19 regions at the time of writing this post). Deployment is powered by Azure Resource Manager templates, which provide extensibility, security, auditing, and tagging features to help you manage your resources as a group after deployment.

Splunk Enterprise in Azure Marketplace therefore provides all the benefits of cloud such as:

  • Low total cost of owning and operating an enterprise-grade operational intelligence solution
  • Faster time-to-value since it is easy and quick to get started on Azure without having to worry about hardware, lengthy installation and configuration processes
  • Easily scale your use case without dealing with months of hardware and capacity planning
  • Increased collaboration with access to your data anywhere, anytime and by any authorized user
  • Less environmental impact with reduced data centers, shared resources and optimized operational usage.


How to get started with Splunk Enterprise in Azure Marketplace?

A) From Azure Marketplace:

  1. Search for ‘Splunk’ or visit the Splunk Enterprise offering page directly
  2. Click the ‘Deploy’ button, which redirects to the Azure portal with the Splunk Enterprise solution pre-selected

B) From Azure Portal:

  1. Click ‘New’ or ‘+’ from the left panel and type ‘Splunk’ in the top search bar to search the marketplace
  2. Click ‘Splunk Enterprise’ search result to start configuring your Splunk Enterprise solution

From this point onward, Splunk Enterprise solution configuration is straightforward and divided into 3 steps or tabs:

  1. Basics settings: to select location for all resources, and associated resource group and subscription, as well as admin credentials for underlying Azure VM(s).
  2. Infrastructure settings: to select VM size, and optionally customize the virtual network and subnets.
  3. Splunk settings: to configure a custom DNS subdomain to access the solution, in addition to Splunk admin credentials, and to select a deployment size for Splunk Enterprise. For now, you can choose to deploy Splunk Enterprise as either a single instance or a cluster, where the latter is set to 3 indexer peers, a cluster master and a cluster search head. For security hardening, you can also optionally restrict the IP ranges from which VM access is allowed and from which data can be forwarded.

Enter Splunk settings in Azure
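
The optional IP-range restriction in step 3 can be verified before or after deployment. The following is an added example, not part of the original post or of Splunk's Marketplace template: it scans the network security group rules in an ARM template for inbound Allow rules that are open to any source. The watched ports (SSH plus Splunk's default web, management and forwarder-receiving ports) are assumptions, and the sample template is constructed.

```python
import ipaddress

# Assumed ports: SSH plus Splunk's defaults (web, management, forwarder receiving).
WATCHED_PORTS = {22: "SSH", 8000: "Splunk Web", 8089: "splunkd management",
                 9997: "forwarder data"}

def port_in_range(port, spec):
    """Match a port against an NSG port spec: '*', '8000' or '8000-8100'."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    try:
        return int(low) <= port <= int(high or low)
    except ValueError:          # empty value or template expression
        return False

def is_open_source(prefix):
    """True when the source prefix covers the whole Internet."""
    if prefix.lower() in ("*", "internet"):
        return True
    try:
        return ipaddress.ip_network(prefix, strict=False).prefixlen == 0
    except ValueError:          # service tag or template expression
        return False

def open_rules(template):
    """Return (nsg, rule, port, service) for inbound Allow rules open to any source."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type") != "Microsoft.Network/networkSecurityGroups":
            continue
        for rule in res.get("properties", {}).get("securityRules", []):
            p = rule.get("properties", {})
            if (p.get("direction"), p.get("access")) != ("Inbound", "Allow"):
                continue
            sources = p.get("sourceAddressPrefixes") or [p.get("sourceAddressPrefix", "")]
            specs = p.get("destinationPortRanges") or [p.get("destinationPortRange", "")]
            if not any(is_open_source(s) for s in sources):
                continue
            for port, label in WATCHED_PORTS.items():
                if any(port_in_range(port, s) for s in specs):
                    findings.append((res.get("name"), rule.get("name"), port, label))
    return findings

# Constructed sample template fragment (not the Marketplace template itself).
SAMPLE = {"resources": [{
    "type": "Microsoft.Network/networkSecurityGroups", "name": "nsg-splunk-example",
    "properties": {"securityRules": [
        {"name": "web", "properties": {"direction": "Inbound", "access": "Allow",
            "sourceAddressPrefix": "*", "destinationPortRange": "8000"}},
        {"name": "ssh", "properties": {"direction": "Inbound", "access": "Allow",
            "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "22"}},
        {"name": "fwd", "properties": {"direction": "Inbound", "access": "Allow",
            "sourceAddressPrefix": "0.0.0.0/0", "destinationPortRange": "9000-9999"}},
    ]}}]}
```

Calling `open_rules(SAMPLE)` reports the `web` and `fwd` rules and leaves the `ssh` rule, which is limited to a specific range, unflagged.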


Deployed Topology of Splunk Enterprise

You can specify the desired deployment, whether it’s a single instance or a 3-peer indexer cluster for higher usage and availability. Each indexer has eight 1TB VHDs (Azure Standard Storage) striped in a RAID 0 configuration for a total of 8TB per indexer and a whopping 3000 IOPS based on internal tests. At a data ingestion rate of, say, 100GB/day, there’s enough fast storage in the cluster for about 7 months of data retention. The following diagram shows the architecture of the cluster version of Splunk Enterprise deployed in Azure Marketplace by an example company ABC:

Topology of Splunk on Azure


  • This solution uses Splunk’s default certificates to enable secure HTTPS traffic, but this will create a browser warning since the certificates are self-signed. Please follow instructions in Splunk Docs to secure Splunk Web with your own SSL certificates.
  • This solution uses Splunk’s 60-day Enterprise Trial license which includes only 500MB of indexing per day. Contact the Splunk sales team online if you need to extend your license or need more volume per day. Once you acquire a license, please follow instructions in Splunk Docs to install the license in the single-node deployment, or, in case of a cluster deployment, you can configure a central license master to which the cluster peer nodes can subscribe. You could re-use the existing cluster master for the license master role or create a new dedicated node.
  • The cluster version of this solution will most likely need more than 20 cores, which will require an increase in your default Azure core quota for ARM. Please contact Microsoft support to increase your quota.


What’s next?

We’re excited about this first release of Splunk Enterprise in Azure Marketplace. Stay tuned for additional enhancements to make the solution even more customizable and to leverage more HA/DR capabilities. Reach us at or leave us a note below to tell us how you’re using Splunk Enterprise in Azure Marketplace and which features and Azure integrations you’d like to see added. Now deploy Splunk and start listening to your data!

Login Screen of Splunk on Azure

Can’t deploy it in Azure. Is there a known issue?
It hangs during the deployment phase on the “Infrastructure Information” step. Can’t fetch data.

February 29, 2016

Hey Greg, this is not a known issue. We have reported it to Azure Marketplace team. It’s likely a temporary issue so I would suggest trying the flow again.
If you are still encountering this, please file a support case directly within Azure portal.

Roy Arsan
March 8, 2016