Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Hardware Appliance Reference Architecture SPLUNK

tuts
Path Finder
‎06-10-2024 10:46 AM

Environment requirements according to best practices for large companies in Splunk, installing Splunk ES in it, activating more than 10,000roal, and connecting 4,000 devices. What are the best requirements for RAM, CPU, and storage?

Labels (3)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎06-10-2024 11:43 AM

Hi @tuts ,

this is a design job for a Certified Splunk Architectnot for the Community!

anyway, there are other parameters to consider:

  • volume of data to daily index,
  •  number of Correlation Search,
  • number of users,
  • HA both on Indexers and Search Heads,
  • DR yes or not (multisite clustering).

Ciao.

Giuseppe

0 Karma
Reply

tuts
Path Finder
‎06-11-2024 12:56 PM

2024-06-11 22_49_35-Incident Review _ Splunk.jpg

 Ok, why when I do the threat type endpoint and high, it considers it threat and low. What is the problem? I hope for an answer.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎06-12-2024 06:11 AM

Hi @tuts ,

probably you have to tune your Correlation Search, but this seems to be a different question.

Ciao.

Giuseppe

0 Karma
Reply

tuts
Path Finder
‎06-12-2024 07:27 AM

I set the alart to High and security Domaiin = Network, but it appears to me in the Incident Review interface that it is low and security Domaiin = threat, and every event is classified like this, as shown in the attached images.  

2024-06-12 17_21_45-Edit Correlation Search _ Splunk.jpg

2024-06-12 17_22_41-Incident Review _ Splunk.jpg

  

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎06-13-2024 04:43 AM

Hi @tuts ,

there's something wrong in your proceduree, review it step by step, and follow a Splunk Enterprise Security User / Admin training.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Community Feedback

We Want to Hear from You! Share Your Feedback on the Splunk Community   The Splunk Community is built for you ...

Manual Instrumentation with Splunk Observability Cloud: Implementing the ...

In our observability journey so far, we've built comprehensive instrumentation for our Worms in Space ...