Splunk POD overview

Splunk POD is a standardized software and hardware solution that deploys Splunk Enterprise in a resilient Kubernetes cluster on Cisco UCS servers. Available in multiple sizing options, Splunk POD simplifies on-premises deployments by streamlining procurement and setup, so you can realize insights from your data more quickly.

Built on a performance-tested reference architecture, Splunk POD uses the Splunk Operator for Kubernetes (SOK) and the Kubernetes Installer to automate deployment. Cisco support provides a single point of contact for both the Splunk POD hardware and software, simplifying troubleshooting and reducing operational overhead.

Key features of Splunk POD

• Pre-validated configurations: Available in Small (500 GB/day), Medium (1 TB/day), and Large (2.5 TB/day) ingestion sizes to help you select the right size without guesswork.
• Semi-automated deployment: Speeds up installation by automating Kubernetes and Splunk Enterprise setup on Cisco UCS hardware.
• Unified Cisco support: Simplifies support with one contact for hardware and software issues.

Benefits

• Reduced complexity: Minimize operational overhead and deployment risk.
• Appliance-like experience: Deploy a consistent, pre-validated solution.
• Faster insights: Accelerate threat detection and data analysis. Focus on results, not infrastructure.
• Rapid response: Enable faster incident response and broader security coverage.
• Single-vendor support: Eliminate the delays of managing multiple vendors.

Get started with Splunk POD

• Review system components and available sizing options in Splunk POD architecture.
• Verify OS, hardware, network, and storage prerequisites in Splunk POD requirements.
• Create a cluster configuration file and run the Kubernetes installer to Deploy Splunk POD.
• Configure Network routing and ingress for data access and ingestion.
• Access Splunk Web, install and update apps, and configure data ingestion in Manage Splunk POD.