New deployment need advice/guidance

haleyh44 · ‎10-25-2021

I am completely new to splunk and have to deploy it in our environment. Can i get some guidance on best practices for deployment?

I have 3 physical CentOS boxes.

What would you set each on up with?

Splunk1 - configured RAID 10 - 5 TBssd

Splunk2 - 500 GB ssd

Splunk3 - 500GB ssd

Any advice is appreciated, thanks!

alonsocaio · ‎10-25-2021

Hi @haleyh44,

There are several docs from Splunk that can help you to validate your deployment:

I suggest you to take a look first at System and Hardware Requirements docs: System Requirements and Reference Hardware

Also, there is a complete guide on Splunk validated architectures: Splunk Validated Architectures

But mostly important, I would suggest you to first understand your Splunk use case, such as how much data you plan to ingest daily, how many users are going to actively use your Splunk deployment, how many searches and scheduled searches you plan to run daily, and so on. This will help you to size your environment properly.

PickleRick · ‎10-25-2021

The architecture depends highly on projected usage and utilisation. So it's hard to advise without knowing your needs.

Oh, and this is a wrong forum section. It's a topic for Deployment Architecture, not for Apps and Add-ons.

New deployment need advice/guidance

configuration

installation

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!