https://community.splunk.com/t5/Deployment-Architecture/Hardware-Requirements-for-30GB-Day/m-p/543855#M18650 <P>Thanks,</P><P>I wanted to clarify one more thing. Our vendor is providing us the CPU with 3.2 GHz, I have reviewed one document for Splunk stating that the requirements is 2 GHz. Will this reduce the amount of required cores?</P> Mon, 15 Mar 2021 12:57:17 GMT rami1918 2021-03-15T12:57:17Z https://community.splunk.com/t5/Deployment-Architecture/Hardware-Requirements-for-30GB-Day/m-p/543306#M18632 <P>Hi,</P><P>We are planning to move our Splunk environment to our Nutanix infrastructure. We expect our collected logs to be 20-30 GB/Day and Splunk is mainly used as a SIEM solutions where around 4 users are accessing concurrently</P><P>We had some internal discussions, and I wanted to understand if we can use less resources than the mentioned below to run Splunk+ES, and if any one is running a similar setup can share the used hardware specs</P><P>Search head 24vCPU, 32GB<BR />ES search head 24vCPU, 32GB<BR />Indexer 24vCPU, 32GB<BR />License + Deployment 12vCPU, 16GB</P><P>Thanks</P> Thu, 11 Mar 2021 05:51:10 GMT https://community.splunk.com/t5/Deployment-Architecture/Hardware-Requirements-for-30GB-Day/m-p/543306#M18632 rami1918 2021-03-11T05:51:10Z https://community.splunk.com/t5/Deployment-Architecture/Hardware-Requirements-for-30GB-Day/m-p/543325#M18635 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/197857">@rami1918</a>,</P><P>the minimum requirent6es for Enterprise Security installation is:</P><TABLE><TBODY><TR><TD>Search head</TD><TD>16 cores</TD><TD>32GB</TD></TR><TR><TD>Indexer</TD><TD>16 cores</TD><TD>32GB</TD></TR></TBODY></TABLE><P>As you can see at&nbsp;<A href="https://docs.splunk.com/Documentation/ES/6.5.0/Install/DeploymentPlanning" target="_blank">https://docs.splunk.com/Documentation/ES/6.5.0/Install/DeploymentPlanning</A></P><P>But I hint to use more CPUs especially if you have to enable many scheduled searches, so I think that it's better to use the configuration you proposed.</P><P>Eventually you could reduce RAM for the Deployment Server to 12 GB and analyze the Apps to install in the other Search Head to understand if you can reduce something in that installation, but don't reduce ES Search Head and Indexer.</P><P>Maintaining the same use of CPUs probably (you can understand this only after the analysis I hinted) it's better to reduce the CPUs and RAM on the first Search Head and put those resources in the ES Search Head and Indexer.</P><P>Ciao.</P><P>Giuseppe</P> Thu, 11 Mar 2021 07:45:46 GMT https://community.splunk.com/t5/Deployment-Architecture/Hardware-Requirements-for-30GB-Day/m-p/543325#M18635 gcusello 2021-03-11T07:45:46Z https://community.splunk.com/t5/Deployment-Architecture/Hardware-Requirements-for-30GB-Day/m-p/543855#M18650 <P>Thanks,</P><P>I wanted to clarify one more thing. Our vendor is providing us the CPU with 3.2 GHz, I have reviewed one document for Splunk stating that the requirements is 2 GHz. Will this reduce the amount of required cores?</P> Mon, 15 Mar 2021 12:57:17 GMT https://community.splunk.com/t5/Deployment-Architecture/Hardware-Requirements-for-30GB-Day/m-p/543855#M18650 rami1918 2021-03-15T12:57:17Z https://community.splunk.com/t5/Deployment-Architecture/Hardware-Requirements-for-30GB-Day/m-p/543859#M18651 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/197857">@rami1918</a>,</P><P>No I don't think!</P><P>Ciao.</P><P>Giuseppe</P> Mon, 15 Mar 2021 13:35:51 GMT https://community.splunk.com/t5/Deployment-Architecture/Hardware-Requirements-for-30GB-Day/m-p/543859#M18651 gcusello 2021-03-15T13:35:51Z