Dear All:

I want to publish the application to Splunk, but I want to clarify some things, as follows:

1. How to publish your own program to Splunk.

2. What is the query efficiency of the Splunk log interface? For example, if I want to achieve a QPS of 9000, what is the minimum configuration that my machine should meet?

3. What is the minimum configuration that a machine can meet to meet the most basic performance?

Thank you~

I'm not sure what you mean by "publish your own program to Splunk". If it means your own Splunk App, then you just create it on Splunk or install it with the Splunk GUI. If you mean onboarding logs from your own business system, then it depends on how those are logging. But basically those are quite simple. Just look whether there is already a Splunk App/TA for it on or just do the onboarding yourself, or ask a Splunk Partner to do it and train you at the same time.

EPS/QPS depends on what kind of logs you have and what kind of queries you are doing. Also on how much data you are ingesting on a daily basis. If you are setting up Splunk in an on-premises or your own AWS (etc.) environment, then here are some instructions to select correct hardware. If you are going to Splunk Cloud, then contact a local Splunk Partner and they will help you correctly size the SC environment.

Absolute minimum configuration is one server which has both indexer and search head capabilities. But this is totally dependent on how much data you are ingesting per day, how many source systems will feed it, and how you are managing those. In general cases (more than xx GB/day) I propose a separate SH (search head), then a 1-2+ node index cluster with a manager and a separate DS (deployment server) to manage input configurations. Of course, if you are going to use Splunk premium apps (like ES or ITSI), then there are some more items which you need to take into your calculations.

r. Ismo

