Skip to content
This repository has been archived by the owner on Oct 4, 2024. It is now read-only.

Doc edits #45

Open
wants to merge 47 commits into
base: doc-edits
Choose a base branch
from
Open
Changes from 1 commit
Commits
Show all changes
47 commits
Select commit Hold shift + click to select a range
8af4a53
add templates for smartstore
Aug 14, 2019
c52e00f
added smartstore support
theckm May 6, 2020
31f41c1
Update splunk-enterprise-master-ss.template
May 7, 2020
672a208
Create user_data.sh
May 13, 2020
5e09070
Update user_data.sh
May 13, 2020
3b5875b
updated for further testing using user_data.sh
billbartlett May 20, 2020
a385884
changed timeout for CM wait condition
billbartlett May 20, 2020
3dc459f
decrease cm timeout condition to 15 minutes
billbartlett May 20, 2020
f00266d
changed timeout for CM to 10 minutes.
billbartlett May 21, 2020
efac84e
housekeeping
billbartlett May 21, 2020
1ee5b78
fixed location of the user_data.sh download. it was inadvertently lo…
billbartlett May 21, 2020
884087a
added time to ansible start script to see how long the installation t…
billbartlett May 22, 2020
92cb531
fixed some syntax issues and added echo statements to the functions.
billbartlett May 22, 2020
3b3dc28
add splunk cluster master to user_data.sh process
billbartlett May 27, 2020
01e6913
updated to add splunk cluster manager to user_data script
billbartlett Jun 8, 2020
c151a01
adding license by default for testing
billbartlett Jul 9, 2020
989e85c
add 0.0.0.0/0 as access CIDR by default for easier testing
billbartlett Jul 9, 2020
c92fe87
.
billbartlett Jul 9, 2020
9641ec4
moved all of the code that runs on every machine to a 'base' function.
billbartlett Jul 13, 2020
b91040e
changed location that splunk license installs to
billbartlett Jul 13, 2020
555c1ac
changed minimum indexer count to 4 instead of 3
billbartlett Jul 16, 2020
56cdbf7
migrated search head cluster logic to user_data.sh
billbartlett Jul 16, 2020
5ffa5bd
updated functionality for clustered search heads
billbartlett Jul 23, 2020
0913c16
migrated indexer cluster to user_data.sh
billbartlett Jul 23, 2020
489450d
added sleep to ensure splunkd is fully up before editing cluster config
billbartlett Jul 23, 2020
e441d9a
updated instance types
billbartlett Jul 23, 2020
201f4a4
clean up instance type selection, and add nvme drive setup code for i…
billbartlett Sep 14, 2020
7ec5120
Update user_data.sh
billbartlett Oct 13, 2020
1d06a41
initial commit of YAML conversion
billbartlett Oct 13, 2020
ba45368
initial adoc commit
Jan 22, 2021
a8c2975
removing/renaming old templates, updating some docs
Feb 12, 2021
c3793e4
updating docs and associated images
Feb 25, 2021
f4c4a60
cleanup and rename of templates
Feb 25, 2021
b396f1e
cleaning up docs
Mar 9, 2021
311ae3d
updated readme to highlight a splunk license is now required for quic…
Apr 20, 2021
e0e87ae
updated quickstart cloudformation to utilize smartstore, as well as
billbartlett Apr 4, 2022
898d9c8
fix default parameter values
billbartlett Apr 7, 2022
73248c8
fix default values
billbartlett Apr 26, 2022
a64b47a
remove everything code-related
billbartlett Apr 28, 2022
defa08d
move documentation to deployment_guide subfolder
billbartlett Apr 28, 2022
8175690
update adocs
billbartlett May 10, 2022
e459a9b
added _deployment_guide.adoc
billbartlett May 20, 2022
2f55069
added boilerplate
billbartlett May 20, 2022
d389f42
updated boilerplate submodule to point to aws-ia instead of
billbartlett May 20, 2022
01b66c4
remove boilerplate
billbartlett May 20, 2022
25e1883
re-add boilerplate
billbartlett May 20, 2022
a179031
updated some of the documentation to align with new formatting.
billbartlett May 20, 2022
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
add templates for smartstore
Bill Bartlett committed Aug 14, 2019
commit 8af4a53156a751d54e9887fbfa6211195d38c7d5
577 changes: 577 additions & 0 deletions templates/splunk-enterprise-master-ss.template
Original file line number Diff line number Diff line change
@@ -0,0 +1,577 @@
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Splunk deployment with indexer, search head clustering and cluster master.",
"Parameters": {
"AvailabilityZones": {
"Description": "List of Availability Zones to use for the subnets in the VPC (logical order preserved). This must match the Number of Availability Zones parameter value.",
"Type": "List<AWS::EC2::AvailabilityZone::Name>"
},
"NumberOfAZs": {
"AllowedValues": [
"2",
"3"
],
"Default": "2",
"Description": "Number of Availability Zones to use in the VPC. This must match your selections in the list of Availability Zones parameter.",
"Type": "String"
},
"WebClientLocation": {
"AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$",
"ConstraintDescription": "Must be a valid IP range in x.x.x.x/x notation. Use 0.0.0.0/0 for no restrictions.",
"Description": "The IP address range that is allowed to connect to the Splunk web interface. Note: a value of 0.0.0.0/0 will allow access from ANY ip address",
"MaxLength": "19",
"MinLength": "9",
"Type": "String"
},
"HECClientLocation": {
"AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$",
"ConstraintDescription": "Must be a valid IP range in x.x.x.x/x notation. Use 0.0.0.0/0 for no restrictions.",
"Description": "The IP address range that is allowed to send data to Splunk HTTP Event Collector. Note: a value of 0.0.0.0/0 will allow access from ANY ip address",
"MaxLength": "19",
"MinLength": "9",
"Type": "String"
},
"IndexerInstanceType": {
"AllowedValues": [
"c4.2xlarge",
"c4.4xlarge",
"c4.8xlarge",
"m4.2xlarge",
"m4.4xlarge",
"m4.10xlarge",
"c5.2xlarge",
"c5.4xlarge",
"c5.9xlarge",
"c5.18xlarge",
"i3.2xlarge",
"i3.4xlarge",
"i3.8xlarge"
],
"Description": "EC2 instance type for Splunk Indexers",
"ConstraintDescription": "must be a valid EC2 instance type.",
"Default": "c5.4xlarge",
"Type": "String"
},
"SearchHeadInstanceType": {
"AllowedValues": [
"c4.2xlarge",
"c4.4xlarge",
"c4.8xlarge",
"r4.4xlarge",
"r4.8xlarge",
"r4.16xlarge",
"c5.2xlarge",
"c5.4xlarge",
"c5.9xlarge",
"m5.2xlarge",
"m5.4xlarge",
"m5.12xlarge"
],
"Description": "EC2 instance type for Splunk Search Heads",
"ConstraintDescription": "must be a valid EC2 instance type.",
"Default": "c5.4xlarge",
"Type": "String"
},
"IndexerApps": {
"Description": "Comma separated list of URLs of Splunk App (or Add-on) tarballs (.spl) to pre-install on indexer(s)",
"Default": "",
"Type": "CommaDelimitedList"
},
"SearchHeadApps": {
"Description": "Comma separated list of URLs of Splunk App (or Add-on) tarballs (.spl) to pre-install on search head(s)",
"Default": "",
"Type": "CommaDelimitedList"
},
"KeyName": {
"ConstraintDescription": "Must be the name of an existing EC2 KeyPair.",
"Description": "Name of an existing EC2 KeyPair to enable SSH access to the instance",
"Type": "AWS::EC2::KeyPair::KeyName"
},
"PublicSubnet1CIDR": {
"AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x.",
"Default": "10.0.1.0/24",
"Description": "The address space that will be assigned to the first Splunk server subnet. (x.x.x.x/x notation)",
"Type": "String"
},
"PublicSubnet2CIDR": {
"AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x.",
"Default": "10.0.2.0/24",
"Description": "The address space that will be assigned to the second Splunk server subnet. (x.x.x.x/x notation)",
"Type": "String"
},
"PublicSubnet3CIDR": {
"AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x.",
"Default": "10.0.3.0/24",
"Description": "The address space that will be assigned to the second Splunk server subnet. (x.x.x.x/x notation)",
"Type": "String"
},
"QSS3BucketName": {
"Default": "splk-quickstart-testing",
"Description": "S3 bucket name for the Quick Start assets.",
"Type": "String"
},
"QSS3KeyPrefix": {
"Default": "quickstart-splunk-enterprise/",
"Description": "S3 key prefix for the Quick Start assets.",
"Type": "String"
},
"SHCEnabled": {
"AllowedValues": [
"yes",
"no"
],
"Default": "no",
"Description": "Do you want to build a Splunk search head cluster?",
"Type": "String"
},
"SSHClientLocation": {
"AllowedPattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$",
"ConstraintDescription": "Must be a valid IP range in x.x.x.x/x notation. Use 0.0.0.0/0 for no restrictions.",
"Description": "The IP address range that is allowed to SSH to the EC2 instances. Note: a value of 0.0.0.0/0 will allow access from ANY ip address",
"MaxLength": "19",
"MinLength": "9",
"Type": "String"
},
"SplunkAdminPassword": {
"AllowedPattern": "(?=^.{6,255}$)((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*",
"ConstraintDescription": "Must be at least 8 characters containing letters, numbers and symbols.",
"Description": "Admin password for Splunk. Must be at least 8 characters containing letters, numbers and symbols",
"MaxLength": "32",
"MinLength": "6",
"NoEcho": "true",
"Type": "String"
},
"SplunkIndexerCount": {
"ConstraintDescription": "must be a valid number, 3-10",
"Default": "3",
"Description": "How many Splunk indexers to launch. [3-10]",
"MaxValue": "10",
"MinValue": "3",
"Type": "Number"
},
"SplunkIndexerDiskSize": {
"ConstraintDescription": "must be a valid number, 320-16000",
"Default": "320",
"Description": "The size of the attached EBS volume to the Splunk indexers. (in GB)",
"MaxValue": "16000",
"MinValue": "320",
"Type": "Number"
},
"SplunkSearchHeadDiskSize": {
"ConstraintDescription": "must be a valid number, 320-16000",
"Default": "320",
"Description": "The size of the attached EBS volume to the Splunk search head(s). (in GB)",
"MaxValue": "16000",
"MinValue": "320",
"Type": "Number"
},
"SplunkLicenseBucket": {
"Default": "",
"Description": "Name of private S3 bucket with licenses to be accessed via authenticated requests",
"Type": "String"
},
"SplunkLicensePath": {
"Default": "",
"Description": "Path to license file in S3 Bucket (without leading '/')",
"Type": "String"
},
"SplunkReplicationFactor": {
"ConstraintDescription": "must be a valid number, 2-4",
"Default": "2",
"Description": "How many copies of data should be stored in the Splunk Indexer Cluster",
"MaxValue": "4",
"MinValue": "2",
"Type": "Number"
},
"SplunkSearchFactor": {
"ConstraintDescription": "must be a valid number, 2-4",
"Default": "2",
"Description": "How many copies of data should be searchable in the Splunk indexer clusters",
"MaxValue": "4",
"MinValue": "2",
"Type": "Number"
},
"SplunkClusterSecret": {
"AllowedPattern": "(?=^.{6,255}$)((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*",
"ConstraintDescription": "Must be at least 8 characters containing letters, numbers and symbols.",
"Description": "Shared cluster secret for Search Head and Indexer clusters. Must be at least 8 characters containing letters, numbers and symbols.",
"MaxLength": "32",
"MinLength": "6",
"NoEcho": "true",
"Type": "String"
},
"SplunkIndexerDiscoverySecret": {
"AllowedPattern": "(?=^.{6,255}$)((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*",
"ConstraintDescription": "Must be at least 8 characters containing letters, numbers and symbols.",
"Description": "Security key used for communication between your forwarders and the cluster master. This value should also be used by forwarders in order to retrieve list of available peer nodes from cluster master. Must be at least 8 characters containing letters, numbers and symbols.",
"MaxLength": "32",
"MinLength": "8",
"NoEcho": "true",
"Type": "String"
},
"VPCCIDR": {
"AllowedPattern": "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})/(\\d{1,2})",
"ConstraintDescription": "must be a valid IP CIDR range of the form x.x.x.x/x.",
"Default": "10.0.0.0/16",
"Description": "The address space that will be assigned to the entire VPC where Splunk will reside. (Recommend at least a /16)",
"MaxLength": "19",
"MinLength": "9",
"Type": "String"
}
},
"Metadata": {
"AWS::CloudFormation::Interface": {
"ParameterGroups": [
{
"Label": {
"default": "AWS Instance and Network Settings"
},
"Parameters": [
"IndexerInstanceType",
"SearchHeadInstanceType",
"KeyName",
"WebClientLocation",
"HECClientLocation",
"SSHClientLocation",
"AvailabilityZones",
"NumberOfAZs",
"VPCCIDR",
"PublicSubnet1CIDR",
"PublicSubnet2CIDR",
"PublicSubnet3CIDR"
]
},
{
"Label": {
"default": "Splunk Settings"
},
"Parameters": [
"SplunkAdminPassword",
"SplunkClusterSecret",
"SplunkIndexerDiscoverySecret",
"SplunkLicenseBucket",
"SplunkLicensePath",
"SplunkIndexerCount",
"SplunkIndexerDiskSize",
"SplunkSearchHeadDiskSize",
"SplunkReplicationFactor",
"SplunkSearchFactor",
"SHCEnabled",
"IndexerApps",
"SearchHeadApps"
]
},
{
"Label": {
"default": "AWS Quick Start Configuration"
},
"Parameters": [
"QSS3BucketName",
"QSS3KeyPrefix"
]
}
],
"ParameterLabels": {
"AvailabilityZones": {
"default": "Availability Zones"
},
"NumberOfAZs": {
"default": "Number of Availability Zones"
},
"WebClientLocation": {
"default": "Permitted CIDR for Splunk web interface"
},
"HECClientLocation": {
"default": "Permitted CIDR for Splunk HTTP event collector input"
},
"IndexerInstanceType": {
"default": "EC2 instance type for Splunk indexer"
},
"SearchHeadInstanceType": {
"default": "EC2 instance type for Splunk search head"
},
"KeyName": {
"default": "Key Name"
},
"PublicSubnet1CIDR": {
"default": "Public Subnet 1 CIDR"
},
"PublicSubnet2CIDR": {
"default": "Public Subnet 2 CIDR"
},
"PublicSubnet3CIDR": {
"default": "Public Subnet 3 CIDR"
},
"QSS3BucketName": {
"default": "QuickStart S3 Bucket Name"
},
"QSS3KeyPrefix": {
"default": "QuickStart S3 Key Prefix"
},
"SHCEnabled": {
"default": "Enable Search Head Cluster?"
},
"SSHClientLocation": {
"default": "Permitted CIDR for ssh"
},
"SplunkAdminPassword": {
"default": "Splunk Admin Password"
},
"SplunkIndexerCount": {
"default": "No. of Splunk Indexers"
},
"SplunkIndexerDiskSize": {
"default": "Indexer Disk Size"
},
"SplunkLicenseBucket": {
"default": "Splunk License Bucket"
},
"SplunkLicensePath": {
"default": "Splunk License S3 Bucket Path"
},
"SplunkReplicationFactor": {
"default": "Index Cluster Replication Factor"
},
"SplunkSearchFactor": {
"default": "Index Cluster Search Factor"
},
"SplunkClusterSecret": {
"default": "Shared Security Key for Cluster Nodes"
},
"SplunkIndexerDiscoverySecret": {
"default": "Shared Security Key for Forwarders using Indexer Discovery"
},
"IndexerApps": {
"default": "Apps/Add-ons to pre-Install on Splunk Indexers"
},
"SearchHeadApps": {
"default": "Apps/Add-ons to pre-Install on Splunk Search Heads"
},
"VPCCIDR": {
"default": "VPC CIDR"
}
}
}
},
"Conditions": {
"Create3AZ": {
"Fn::Equals": [
{
"Ref": "NumberOfAZs"
},
"3"
]
}
},
"Resources": {
"VPCStack": {
"Type": "AWS::CloudFormation::Stack",
"Properties": {
"TemplateURL": {
"Fn::Sub": "https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template"
},
"Parameters": {
"AvailabilityZones": {
"Fn::Join": [
",",
{
"Ref": "AvailabilityZones"
}
]
},
"CreatePrivateSubnets": "false",
"KeyPairName": {
"Ref": "KeyName"
},
"NumberOfAZs": {
"Ref": "NumberOfAZs"
},
"PublicSubnet1CIDR": {
"Ref": "PublicSubnet1CIDR"
},
"PublicSubnet2CIDR": {
"Ref": "PublicSubnet2CIDR"
},
"PublicSubnet3CIDR": {
"Ref": "PublicSubnet3CIDR"
},
"VPCCIDR": {
"Ref": "VPCCIDR"
}
},
"TimeoutInMinutes": 15
}
},
"SplunkStack": {
"Type": "AWS::CloudFormation::Stack",
"Properties": {
"TemplateURL": {
"Fn::Sub": "https://${QSS3BucketName}.s3.amazonaws.com/${QSS3KeyPrefix}templates/splunk-enterprise.template"
},
"Parameters": {
"VPCID": {
"Fn::GetAtt": [
"VPCStack",
"Outputs.VPCID"
]
},
"VPCCIDR": {
"Fn::GetAtt": [
"VPCStack",
"Outputs.VPCCIDR"
]
},
"PublicSubnet1ID": {
"Fn::GetAtt": [
"VPCStack",
"Outputs.PublicSubnet1ID"
]
},
"PublicSubnet2ID": {
"Fn::GetAtt": [
"VPCStack",
"Outputs.PublicSubnet2ID"
]
},
"PublicSubnet3ID": {
"Fn::If": [
"Create3AZ",
{
"Fn::GetAtt": [
"VPCStack",
"Outputs.PublicSubnet3ID"
]
},
{
"Fn::GetAtt": [
"VPCStack",
"Outputs.PublicSubnet2ID"
]
}
]
},
"NumberOfAZs": {
"Ref": "NumberOfAZs"
},
"IndexerInstanceType": {
"Ref": "IndexerInstanceType"
},
"SearchHeadInstanceType": {
"Ref": "SearchHeadInstanceType"
},
"SplunkAdminPassword": {
"Ref": "SplunkAdminPassword"
},
"SplunkClusterSecret": {
"Ref": "SplunkClusterSecret"
},
"SplunkIndexerDiscoverySecret": {
"Ref": "SplunkIndexerDiscoverySecret"
},
"SplunkLicenseBucket": {
"Ref": "SplunkLicenseBucket"
},
"SplunkLicensePath": {
"Ref": "SplunkLicensePath"
},
"KeyName": {
"Ref": "KeyName"
},
"SSHClientLocation": {
"Ref": "SSHClientLocation"
},
"HECClientLocation": {
"Ref": "HECClientLocation"
},
"WebClientLocation": {
"Ref": "WebClientLocation"
},
"SplunkIndexerCount": {
"Ref": "SplunkIndexerCount"
},
"SHCEnabled": {
"Ref": "SHCEnabled"
},
"SplunkIndexerDiskSize": {
"Ref": "SplunkIndexerDiskSize"
},
"SplunkReplicationFactor": {
"Ref": "SplunkReplicationFactor"
},
"IndexerApps": {
"Fn::Join": [
",",
{ "Ref": "IndexerApps" }
]
},
"SearchHeadApps": {
"Fn::Join": [
",",
{ "Ref": "SearchHeadApps" }
]
}
},
"TimeoutInMinutes": 60
}
}
},
"Outputs": {
"SearchHeadURL": {
"Description": "Splunk Enterprise - Search Head URL",
"Value": {
"Fn::GetAtt": [
"SplunkStack",
"Outputs.SearchHeadURL"
]
}
},
"ClusterMasterURL": {
"Description": "Splunk Enterprise - Cluster Master URL",
"Value": {
"Fn::GetAtt": [
"SplunkStack",
"Outputs.ClusterMasterURL"
]
}
},
"ClusterMasterManagementURL": {
"Description": "Splunk Enterprise - Cluster Master Management URL (required for Indexer Discovery)",
"Value": {
"Fn::GetAtt": [
"SplunkStack",
"Outputs.ClusterMasterManagementURL"
]
}
},
"DeployerURL": {
"Description": "Splunk Enterprise - Search Head Cluster Deployer URL",
"Value": {
"Fn::GetAtt": [
"SplunkStack",
"Outputs.DeployerURL"
]
}
},
"HttpEventCollectorURL": {
"Description": "HTTP Event Collector URL",
"Value": {
"Fn::GetAtt": [
"SplunkStack",
"Outputs.HttpEventCollectorURL"
]
}
},
"HttpEventCollectorToken": {
"Description": "HTTP Event Collector Token",
"Value": {
"Fn::GetAtt": [
"SplunkStack",
"Outputs.HttpEventCollectorToken"
]
}
}
}
}
2,704 changes: 2,704 additions & 0 deletions templates/splunk-enterprise-ss.template

Large diffs are not rendered by default.