All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

New deployment need advice/guidance

haleyh44
Path Finder
‎10-25-2021 05:32 AM

I am completely new to splunk and have to deploy it in our environment. Can i get some guidance on best practices for deployment?

I have 3 physical CentOS boxes.

What would you set each on up with?

 Splunk1 - configured RAID 10 - 5 TBssd

Splunk2 -  500 GB ssd

Splunk3 - 500GB ssd

Any advice is appreciated, thanks!

Labels (2)
Labels
0 Karma
Reply

alonsocaio
Contributor
‎10-25-2021 06:08 AM

Hi @haleyh44,

There are several docs from Splunk that can help you to validate your deployment:

I suggest you to take a look first at System and Hardware Requirements docs: System Requirements and Reference Hardware

Also, there is a complete guide on Splunk validated architectures: Splunk Validated Architectures 

But mostly important, I would suggest you to first understand your Splunk use case, such as how much data you plan to ingest daily, how many users are going to actively use your Splunk deployment, how many searches and scheduled searches you plan to run daily, and so on. This will help you to size your environment properly.

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎10-25-2021 05:47 AM

The architecture depends highly on projected usage and utilisation. So it's hard to advise without knowing your needs.

Oh, and this is a wrong forum section. It's a topic for Deployment Architecture, not for Apps and Add-ons.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...