Skip to main content
Version: 2.11.2

Deployment Scenarios

This section describes the different deployments you can use to accomplish your organizations' unique needs and goals.

The scenarios outlined below are presented as deployment guidelines for you to consider taking into account your current infrastructure and Splunk deployment. Although you could configure your NetFlow and AWS VPC Flow logs collection exactly as presented in one of the scenarios, these configurations are flexible and can be adjusted to match your needs and hardware resources.

Even though these scenarious show deployments with AWS, the same concepts can be applied to deployments for Microsoft Azure and Google Cloud Platform.

Scenario 1

You have Splunk Enterprise in your data center, you want to collect *flows from your network devices and AWS VPC Flow logs

  1. Install NFO/EDFN in your data center
  2. Configure NFO/EDFN VPC Flow logs access with at least one AWS account
  3. Configure NFO output to send data to Splunk Enterprise

Or

  1. Install NFO/EDFN in your data center
  2. Install another EDFN instance in AWS
  3. Configure NFO/EDFN VPC Flow logs access with AWS accounts or AWS roles
  4. Configure NFO output to send data to Splunk Enterprise

Scenario 2

You have Splunk Cloud, you want to collect *flows from your network devices in your data center and AWS VPC Flow logs

  1. Install NFO/EDFN in your data center
  2. Configure NFO/EDFN VPC Flow logs access with at least one AWS account
  3. Configure NFO output to send data to Splunk Forwarder, and Splunk Forwarder to send data to Splunk Cloud

Or

  1. Install NFO/EDFN in your data center
  2. Install another EDFN instance in AWS
  3. Configure NFO/EDFN VPC Flow logs access with AWS accounts or AWS roles
  4. Configure NFO output to send data to Splunk Forwarder, and Splunk Forwarder to send data to Splunk Cloud

Scenario 3

You have Splunk Cloud, you only want to collect AWS VPC Flow logs

  1. Install NFO/EDFN and Splunk Forwarder in your AWS environment
  2. Configure NFO/EDFN VPC Flow logs access with AWS accounts or AWS roles
  3. Configure NFO output to send data to Splunk Forwarder, and Splunk Forwarder to send data to Splunk Cloud

Scenario 4

You have Splunk Enterprise, you only want to collect AWS VPC Flow logs

  1. Install NFO/EDFN and Splunk Forwarder in your AWS environment
  2. Configure NFO/EDFN VPC Flow logs access with AWS accounts or AWS roles
  3. Configure NFO output to send data to Splunk Forwarder, and Splunk Forwarder to send data to Splunk Enterprise