We are currently running a single-instance of Splunk (1 search, 1 indexer) on a c5.4xlarge AWS EC2 instance in a POC environment. The single-instance specs are as follows:
32 GB Memory
Network Bandwidth: 10 Gbps
EBS Bandwidth: 4.8 Gbps
We have about 5 users concurrently accessing Splunk and executing search queries. Additionally, our Splunk instance is integrated with ServiceNOW for ticket generation, and we're also leveraging the AWS Add-on for Splunk to ingest AWS logs. We are also ingesting MuleSoft logs via an API connector, but shall eventually transition to the Splunk HTTP Event Collector (HEC) to receive the logs through either a push/pull mechanism.
Currently, we are not experiencing any performance issues and are planning to integrate additional apps/add-ons in the future.
Based on the specifications mentioned above, does anyone see potential concerns from a performance/bandwidth standpoint should we proceed with installing and using the Splunk Dashboards App?
The reference hardware seems to be OK for your needs, but to be more sure, you have to analyze how many searches the five users are running.
You have to remember that every search (and subsearch) takes a CPU, so if you have five users that run a dashboard with ten real-time searches, your hardware isn't sufficient.
So the best approach is to start with your hardware and analyze the situation using the Splunk Monitoring Console, which gives you a picture of the load on your machine, so you can understand if there are queues or problems.
Pay close attention to the IOPS of the storage, because the real bottleneck of Splunk is storage: Splunk recommends at least 800 IOPS for the storage.