Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Partitioning

sullivans
New Member
‎06-19-2013 10:15 AM

Greetings,

I'm setting up Splunk on a Windows Server 2008 box with a 8 drives in a RAID 10. I am curious if it is better to use a single disk partition or if there is an advantage to breaking up the drives into 2 partitions (one for the OS/Apps and one for data).

Splunk documentation seems to indicate a single disk partition is preferred. This is an excerpt :

Splunk can use multiple disks and
partitions for its index data. It's
possible to configure Splunk to use
many disks/partitions/filesystems on
the basis of multiple indexes and
bucket types, so long as you mount
them correctly and point to them
properly from indexes.conf. However,
we recommend that you use a single
high performance file system to hold
your Splunk index data for the best
experience.

Is there any advantage of using two disk partitions over one?

Thanks!

0 Karma
Reply

hsesterhenn_spl
Splunk Employee
Splunk Employee
‎11-16-2015 11:03 AM

Hi,
Splunk does not enforce or recommend a specific partitioning.

Usually from an operations point of view you seperate operating system stuff from data.

So create a single RAID1 for OS+Splunk basic stuff and put the indexes on a seperate RAID10 which is able to deliver 800IOPS+.

http://docs.splunk.com/Documentation/Splunk/latest/Capacity/IntroductiontocapacityplanningforSplunkE...

HTH,

Holger

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...