I am completely new to Splunk and have to deploy it in our environment. Can I get some guidance on best practices for deployment?
I have 3 physical CentOS boxes.
What would you set each one up with?
Splunk1 - configured RAID 10 - 5 TB SSD
Splunk2 - 500 GB SSD
Splunk3 - 500 GB SSD
Any advice is appreciated, thanks!
Hi @haleyh44,
There are several docs from Splunk that can help you to validate your deployment:
I suggest you take a look first at the System and Hardware Requirements docs: System Requirements and Reference Hardware
Also, there is a complete guide on Splunk validated architectures: Splunk Validated Architectures
But most importantly, I would suggest you first understand your Splunk use case, such as how much data you plan to ingest daily, how many users are going to actively use your Splunk deployment, how many searches and scheduled searches you plan to run daily, and so on. This will help you to size your environment properly.
The architecture depends highly on projected usage and utilisation. So it's hard to advise without knowing your needs.
Oh, and this is the wrong forum section. It's a topic for Deployment Architecture, not for Apps and Add-ons.