I am into advanced dashboard currently. In my rece...

abhi04 · ‎03-24-2018

I am into advanced dashboard currently. In my recent interview I have been asked about the architecture including the Cpu,memory and IPs for 2 TErabyte of data for splunk.How should I answer that?

tiagofbmm · ‎03-24-2018

Well the 2TB of data itself is not a main concern here.

You should have asked about daily ingestion rate and what kind of data sources that intend to ingest. With that in mind, Splunk recommends one Indexer per 250Gb of data ingested daily. That indexer would need minimum 12GB Ram, 800 IOPS and 1 x 12 Cores at 2+GHz per core

About OS, a Windows or Linux 64 bits.

To get the most IOPS, choose drives with high rotational speeds and low average latency and seek times.

For Search Heads, Splunk recommends 4x4Cores at 2GHz (10-12 concurrent jobs), 16GB RAM. Notice also that the sizing depends mainly on the Number of searches, users, summarization/acceleration jobs, real time searches, etx

tiagofbmm · ‎03-25-2018

Please let me know if the answer was useful for you. If it was, accept it and upvote. If not, give us more input so we can help you with that

I am into advanced dashboard currently. In my recent interview I have been asked about the architecture including the Cpu,memory and IPs for 2 TErabyte of data for splunk.How should I answer that?

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

I am into advanced dashboard currently. In my recent interview I have been asked about the architecture including the Cpu,memory and IPs for 2 TErabyte of data for splunk.How should I answer that?

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!