Installing Using Containers
CrowdStrike recommends that LogScale is deployed within a container environment, since this provides an environment that enables the cluster to be configured, and scaled, as the size of the data and ingest volume increases.
Important
Production deployments should use the
humio-core (for x86 and arm64)
containers. Production containers require a separate Kafka cluster. Having
Kafka and LogScale on the same host can cause performance issues,
particularly during ingest. Having separate Kafka and Falcon LogScale
containers and clusters enables more flexible and reliable scaling.
CrowdStrike provides the following containers for deploying LogScale:
| Feature |
humio-core
|
humio-single-node-demo
(from v1.134.0)
|
|---|---|---|
| LogScale | Yes | Yes |
| Kafka | Not included | Yes |
| Use for | Production | Testing and Development only |
| Platform | x86 and Arm (from 1.189.0) | x86 |
Important
Arm containers were introduced in LogScale 1.189.0, and required
you to specify an Arm-specific tag for example,
1.195.0--arm64. From version 1.197.0
onwards you no longer need to specify the tag. From 1.197.0 usage is
consistent with the x86 platform container.
To deploy LogScale using either container:
humio-coreincludes LogScale and a JDK suitable for deployment in production environments. This method of deployment will require a separate deployment of a Kafka cluster.To deploy a Kafka cluster using containers, see Deploying a Kafka Cluster using Containers.
To deploy a LogScale cluster in production that uses a separate Kafka cluster, see Using
humio-core.humio-single-node-demo(calledhumioon older versions of LogScale) includes LogScale, Kafka and a JDK for deployment during testing or development. This method of deployment is self contained but should not be used in production deployments.To deploy a LogScale using this method, see Using
humio-single-node-demo(Testing Only).Kubernetes Reference Architecture describes the reference architecture designs for deploying LogScale in different Kubernetes environments such as Amazon Web Services (AWS) and Google Cloud Platform (GCP).
Install Humio Operator on Kubernetes Describes how to deploy LogScale within a native Kubernetes environment, and using Humio Operator, an automated tool that deploys, scales, and manages LogScale deployments:
AWS Reference Architecture Provides information on the deployment within Amazon Web Services using AWS Terraform.
Google Cloud Platform (GCP) Reference Architecture Provides instructions on deployment within Google Cloud Platform.
You also need to make sure the operating system kernel is correctly configured. This is described in the Kernel Configuration section of the documentation.
Container Deployment
Kubernetes Reference Architecture
You should deploy LogScale containers using Kubernetes, as Kubernetes provides a convenient way to start, stop, restart and scale containers. This section explains the reference architecture for self-hosted deployment using Kubernetes, including detail on self-hosted, Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) environments.
For a basic container-based cluster deployment, including deployment of a Kafka cluster.
Using
humio-single-node-demo(Testing Only)For development and testing, a single container with everything needed to run LogScale. Not supported for production deployments.