Splunk — An Overview

Any Question, Any Data, One Splunk

Data Explosion

What data can be ingested by splunk?

History of Splunk

Splunk Flavors

  1. Splunk Enterprise — The most popular, on-prem solution & Splunk stream-processing system.
  2. Splunk Lite — A subset of the functionality offered by Splunk Enterprise; it does not come with a commercial license.
  3. Splunk Cloud — Splunk offered on the cloud as a SaaS offering. Companies with data-governance concerns should evaluate this carefully, as the data is stored in the cloud.

Splunk Licensing & Plans

  1. Splunk Free — Limited to 500 MB of data per day
  2. Splunk Enterprise — Popular. The cost varies. You can negotiate the price based on the volume of data you expect, so that you don’t pay more than you need to. As the volume increases, the per-GB cost reduces.

Splunk Distributed Clustered Deployment

1. Forwarder

2. Indexer

3. The Search Head

[Image: Splunk distributed clustered deployment (forwarder, indexer, search head). Sourced from https://www.edureka.co/blog/splunk-architecture/]

Splunk SVA (Splunk validated architecture)

  1. Availability — Should be able to recover quickly from planned/unplanned outages
  2. Performance — Provide an optimal level of service in spite of varying usage patterns
  3. Scaling — Should be able to scale to accommodate future increased usage
  4. Security — Protect data, configuration & assets
  5. Manageability — Centrally operable and easily manageable across all tiers

Splunk Architecture

Image source: https://subscription.packtpub.com/book/big_data_and_business_intelligence/9781785884351/1/ch01lvl1sec08/splunk-s-architecture

Splunk Roles

  1. User — Build and use their own searches and knowledge objects
  2. Power — Can also use shared knowledge objects of other users
  3. Admin — Can do everything; admins make up the smallest percentage of users
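A least-privilege way to apply these roles is to define a custom role that inherits from the built-in user role and is scoped to specific indexes, rather than handing every analyst the power or admin role. The fragment below is an added example written for this article, not configuration from the original post; the role name `soc_analyst`, the index names and the quota values are assumed, while the built-in role names (user, power, admin), the setting names and the capability names are Splunk's own.

```ini
# authorize.conf (added example; role name, index names and quotas are assumed)
[role_soc_analyst]
# Start from the built-in 'user' role: private searches and knowledge objects only
importRoles = user
# Restrict which indexes this role may search, and which are searched by default
srchIndexesAllowed = web_proxy;windows_security
srchIndexesDefault = web_proxy;windows_security
# Grant only the extra capabilities the job needs (a subset of 'power', not all of it)
schedule_search = enabled
rtsearch = enabled
# Per-user resource limits so one role cannot exhaust search-head capacity
srchJobsQuota = 5
srchDiskQuota = 500
```

Assign users to `soc_analyst` instead of `power`; any index not listed in `srchIndexesAllowed` is invisible to them even if they name it explicitly in a search, which is the practical control behind the "Security" pillar above.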

Splunk Configuration — Data governance for storage

  1. Hot Bucket — Last 1 day of data — All writes happen here. Super-fast search
  2. Warm Bucket — Last 3 months of data — No writes. Fast search
  3. Cold Bucket — Data older than 3 months — No writes. Slow search
  4. Frozen Bucket — Data older than, say, 6 months — No writes. No search. To search this data, it has to be brought back to the cold bucket.
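The retention tiers above correspond to per-index settings in Splunk's indexes.conf. The fragment below is an added example written for this article, not configuration from the original post; the index name `web_proxy`, the storage paths, the bucket count and the archive directory are assumed values, while the setting names are Splunk's. One caveat worth knowing: Splunk rolls hot to warm by age or size, warm to cold by bucket count or home-path size (not by age), and cold to frozen by age; a frozen bucket is deleted unless `coldToFrozenDir` (or `coldToFrozenScript`) is set, so the archive directory is what makes the data recoverable later.

```ini
# indexes.conf (added example; index name, paths, counts and sizes are assumed)
[web_proxy]
# Hot and warm buckets live under homePath, cold under coldPath; thawedPath is
# where archived (frozen) buckets are copied back and rebuilt to make them searchable
homePath   = $SPLUNK_DB/web_proxy/db
coldPath   = $SPLUNK_DB/web_proxy/colddb
thawedPath = $SPLUNK_DB/web_proxy/thaweddb

# Hot -> Warm: roll a hot bucket after 1 day (86400 s) or when it reaches maxDataSize
maxHotSpanSecs = 86400
maxDataSize = auto_high_volume

# Warm -> Cold: rolled by count/size, not age. With daily buckets, keeping ~90 of
# them warm approximates "last 3 months on fast storage"
maxWarmDBCount = 90
homePath.maxDataSizeMB = 500000

# Cold -> Frozen: after 6 months (15552000 s) the bucket leaves the index.
# Without coldToFrozenDir it is deleted; with it, the bucket is archived and
# can later be restored into thawedPath for searching
frozenTimePeriodInSecs = 15552000
coldToFrozenDir = /archive/splunk/web_proxy
```

To search archived data again, copy the bucket directory from the archive into `thawedPath` and run `splunk rebuild <bucket directory>` on the indexer; the rebuilt bucket is then searchable without re-ingesting the raw data against the license.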


Watch out for my next article: Splunk — A developer’s perspective.




Java Architect | MongoDB | Oracle DB| Application Performance Tuning | Design Thinking | https://www.linkedin.com/in/saradasastri/

Sarada Sastri