Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Are these search head hardware specs sufficient for disk usage with search acceleration, summaries, and search head clustering?

jackgordon
New Member
‎02-11-2016 10:11 AM

The reference hardware for a Splunk Search Head (as of Feb 2016) recommends the following:

2 x 300GB, 10,000 RPM SAS hard disks, configured in RAID 1

Will this actually be sufficient for multiple TB/day of data when there are many accelerated searches and summaries? With Search Head clustering?

I'm thinking at least 3 Search Heads for around 3/TB of data/day, but the size of the disks recommended concern me.

I know it's a moving target with a lot of caveats, so how does one approach sizing Search Head disk utlization?

0 Karma
Reply

jplumsdaine22
Influencer
‎02-15-2016 10:23 AM

The amount of TB a day should not impact the search head - rather its the number of searches that will be run that will make a difference. How many users and searches will you have is a more important question unless ou're planning to do the indexing and searching on the same server, in which case - you're crazy 🙂

At that level of licensing your splunk sales rep should be very friendly indeed - give Splunk a call they should be able to give you some good suggestions that they then will be on the hook for !

Also if this is a fresh installation, look at search head clustrering from the start - you may want to think about a larger pool of less capable servers

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...