Solved: Indexing 20gb data

eholz1 · ‎03-30-2020

Hello Members,
We have a requirement to come up with a hardware solution for indexing a relatively small ammount of data.
20 GB per day. I seen considerable documention on the Splunk forum and site. Most infomation is oriented towards
larger amounts of data - I would assume that our disk subsystem run run an less that 800 IOPS.

For reference we would have less than 4 users so we could run a combined instance. Memory would be from 32GB to maybe 128GB, and we should have 8 to 12 cores and 64 bit > 2GHz.

(yes we could virtualize this deployment).

I am open for tips and suggestions,

Eholz1

woodcock · ‎03-31-2020

Splunk guidance is clear here. It doesn't really depend on data velocity: MINIMUM of 800 IOPS:
https://docs.splunk.com/Documentation/Splunk/latest/Capacity/Referencehardware

View solution in original post

woodcock · ‎03-31-2020

Splunk guidance is clear here. It doesn't really depend on data velocity: MINIMUM of 800 IOPS:
https://docs.splunk.com/Documentation/Splunk/latest/Capacity/Referencehardware

eholz1 · ‎03-31-2020

Hello Woodcock,
Thanks for the link, I will check this out - the info on the link will be helpful.

eholz1

eholz1 · ‎03-31-2020

Hello Woodcock,
another good answer. thanks for replying,
I really appreciate the reponses

woodcock · ‎03-30-2020

Spin it up in AWS after reading this:
https://www.splunk.com/en_us/blog/tips-and-tricks/splunk-validated-architectures.html

eholz1 · ‎03-31-2020

Exellent link - would like more guidance on disk subsystem for 20gb/per day data, IOPS, etc.
Thanks again

eholz1

Indexing 20gb data

workload management

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor