Installing Using Containers
CrowdStrike recommends that LogScale is deployed within a container environment, since this provides an environment that enables the cluster to be configured, and scaled, as the size of the data and ingest volume increases.
Important
Production deployments should use the
humio-core (for x86 and arm64)
containers. Production containers require a separate Kafka cluster. Having
Kafka and LogScale on the same host can cause performance issues,
particularly during ingest. Having separate Kafka and Falcon LogScale
containers and clusters enables more flexible and reliable scaling.
CrowdStrike provides the following containers for deploying LogScale:
| Feature |
humio-core
|
humio
| |
|---|---|---|---|
| LogScale | Yes | Yes | |
| Kafka | Not included | Yes | |
| Use for | Production | Testing and Development only | |
| Platform | x86 | x86 |
To deploy LogScale using either container:
humio-coreincludes LogScale and a JDK suitable for deployment in production environments. This method of deployment will require a separate deployment of a Kafka cluster.To deploy a Kafka cluster using containers, see Deploying a Kafka Cluster using Containers.
To deploy a LogScale cluster in production that uses a separate Kafka cluster, see Using
humio-core.humio-single-node-demo(calledhumioon older versions of LogScale) includes LogScale, Kafka and a JDK for deployment during testing or development. This method of deployment is self contained but should not be used in production deployments.To deploy a LogScale using this method, see Using
humio(Testing Only).LogScale Kubernetes Reference Architecture describes the reference architecture designs for deploying LogScale in different Kubernetes environments such as Amazon Web Services (AWS) and Google Cloud Platform (GCP).
Install Humio Operator on Kubernetes Describes how to deploy LogScale within a native Kubernetes environment, and using Humio Operator, an automated tool that deploys, scales, and manages LogScale deployments:
AWS Cloud Reference Architecture Provides information on the architecture for deployment within Amazon Web Services
AWS Cloud Reference Deployment and Automation Provides information on the deployment within Amazon Web Services using AWS Terraform.
Deploying LogScale with Operator on Google Cloud Platform (GCP) Provides instructions on deployment within Google Cloud Platform.
You also need to make sure the operating system kernel is correctly configured. This is described in the Kernel Configuration section of the documentation.
Container Deployment
LogScale Kubernetes Reference Architecture
You should deploy LogScale containers using Kubernetes, as Kubernetes provides a convenient way to start, stop, restart and scale containers. This section explains the reference architecture for self-hosted deployment using Kubernetes, including detail on self-hosted, Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) environments.
For a basic container-based cluster deployment, including deployment of a Kafka cluster.
For development and testing, a single container with everything needed to run LogScale. Not supported for production deployments.