1. Purpose
SmartStore is a feature available only in Splunk Enterprise that lets you specify a remote object store (such as Amazon S3) as the storage location for indexes. Using SmartStore provides the following advantages.
- Reduced storage cost. Your deployment can take advantage of the economy of remote object stores, instead of relying on costly local storage.
- Access to high availability and data resiliency features available through remote object stores.
- The ability to scale compute and storage resources separately, thus ensuring that you use resources efficiently.
- Simple and flexible configuration with per-index settings.
- A bootstrapping capability that allows a new cluster or standalone indexer to inherit data from an old cluster or standalone indexer.
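This post explains the steps for configuring Splunk SmartStore. I used How to Deploy Splunk SmartStore as a reference.
2. Configuration
First, create the file $SPLUNK_HOME/etc/system/local/indexes.conf with the contents below. With these settings, every index stored on the indexer is stored in Amazon S3, but you can also specify indexes individually; see the linked documentation for details. The settings take effect after a restart.
Write the bucket information and the AWS account information into indexes.conf.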
[default]
# Configure all indexes to use the SmartStore remote volume called
# "remote_store".
# Note: If you want only some of your indexes to use SmartStore,
# place this setting under the individual stanzas for each of the
# SmartStore indexes, rather than here.
remotePath = volume:remote_store/$_index_name
# Configure the remote volume
[volume:remote_store]
storageType = remote
# On the next line, the volume's path setting points to the remote storage location
# where indexes reside. Each SmartStore index resides directly below the location
# specified by the path setting. The <scheme> identifies a supported remote
# storage system type, such as S3. The <remote-location-specifier> is a
# string specific to the remote storage system that specifies the location
# of the indexes inside the remote system.
# This is an S3 example: "path = s3://mybucket/some/path".
path = s3://<your S3 bucket and path>
# The following S3 settings are required only if you're using the access and secret
# keys. They are not needed if you are using AWS IAM roles.
remote.s3.access_key = <access key ID>
remote.s3.secret_key = <secret access key>
remote.s3.endpoint = https://s3.<your AWS region>.amazonaws.com
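
An added example, not from the original post or from Splunk: a small Python check that parses an indexes.conf and reports the SmartStore mistakes most relevant to the settings above (no active remotePath for a remote volume, static AWS keys kept in the file, a non-HTTPS endpoint). The function names and the sample file contents are assumptions constructed for illustration.

```python
import re

# Constructed sample with placeholder values; function names below are illustrative.
SAMPLE_CONF = """\
[default]
#remotePath = volume:remote_store/$_index_name
[volume:remote_store]
storageType = remote
path = s3://example-bucket/smartstore
remote.s3.access_key = AKIAEXAMPLEPLACEHOLDER
remote.s3.secret_key = placeholder-secret
remote.s3.endpoint = http://s3.us-east-1.amazonaws.com
"""

def parse_conf(text):
    """Parse Splunk-style .conf text into {stanza: {key: value}}; '#' lines are comments."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = stanzas.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def audit_smartstore(text):
    """Return findings; only active (uncommented) remotePath settings count as usage."""
    conf, findings = parse_conf(text), []
    volumes = {n.split(":", 1)[1]: s for n, s in conf.items() if n.startswith("volume:")}
    used = {m.group(1) for s in conf.values()
            if (m := re.match(r"volume:([^/]+)/", s.get("remotePath", "")))}
    for name in used - set(volumes):
        findings.append(f"remotePath references undefined volume '{name}'")
    for name, vol in volumes.items():
        if vol.get("storageType") != "remote":
            continue
        if name not in used:
            findings.append(f"volume '{name}': no active remotePath uses it")
        if "remote.s3.access_key" in vol or "remote.s3.secret_key" in vol:
            findings.append(f"volume '{name}': static AWS keys in file; prefer an IAM role")
        if not vol.get("remote.s3.endpoint", "https://").startswith("https://"):
            findings.append(f"volume '{name}': endpoint is not HTTPS")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_smartstore(SAMPLE_CONF)))
```

Run it against a copy of the real file by passing its text to audit_smartstore; an empty list means none of the three conditions was found.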
That is all.