Deployment Architecture

Indexing 20gb data

eholz1
Contributor

Hello Members,
We have a requirement to come up with a hardware solution for indexing a relatively small ammount of data.
20 GB per day. I seen considerable documention on the Splunk forum and site. Most infomation is oriented towards
larger amounts of data - I would assume that our disk subsystem run run an less that 800 IOPS.

For reference we would have less than 4 users so we could run a combined instance. Memory would be from 32GB to maybe 128GB, and we should have 8 to 12 cores and 64 bit > 2GHz.

(yes we could virtualize this deployment).

I am open for tips and suggestions,

Eholz1

Labels (1)
0 Karma
1 Solution

woodcock
Esteemed Legend

Splunk guidance is clear here. It doesn't really depend on data velocity: MINIMUM of 800 IOPS:
https://docs.splunk.com/Documentation/Splunk/latest/Capacity/Referencehardware

View solution in original post

0 Karma

woodcock
Esteemed Legend

Splunk guidance is clear here. It doesn't really depend on data velocity: MINIMUM of 800 IOPS:
https://docs.splunk.com/Documentation/Splunk/latest/Capacity/Referencehardware

0 Karma

eholz1
Contributor

Hello Woodcock,
Thanks for the link, I will check this out - the info on the link will be helpful.

eholz1

0 Karma

eholz1
Contributor

Hello Woodcock,
another good answer. thanks for replying,
I really appreciate the reponses

0 Karma

woodcock
Esteemed Legend
0 Karma

eholz1
Contributor

Exellent link - would like more guidance on disk subsystem for 20gb/per day data, IOPS, etc.
Thanks again

eholz1

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...