Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Indexing 20gb data
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Members,
We have a requirement to come up with a hardware solution for indexing a relatively small ammount of data.
20 GB per day. I seen considerable documention on the Splunk forum and site. Most infomation is oriented towards
larger amounts of data - I would assume that our disk subsystem run run an less that 800 IOPS.
For reference we would have less than 4 users so we could run a combined instance. Memory would be from 32GB to maybe 128GB, and we should have 8 to 12 cores and 64 bit > 2GHz.
(yes we could virtualize this deployment).
I am open for tips and suggestions,
Eholz1
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk guidance is clear here. It doesn't really depend on data velocity: MINIMUM of 800 IOPS:
https://docs.splunk.com/Documentation/Splunk/latest/Capacity/Referencehardware
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk guidance is clear here. It doesn't really depend on data velocity: MINIMUM of 800 IOPS:
https://docs.splunk.com/Documentation/Splunk/latest/Capacity/Referencehardware
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Woodcock,
Thanks for the link, I will check this out - the info on the link will be helpful.
eholz1
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Woodcock,
another good answer. thanks for replying,
I really appreciate the reponses
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Spin it up in AWS after reading this:
https://www.splunk.com/en_us/blog/tips-and-tricks/splunk-validated-architectures.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Exellent link - would like more guidance on disk subsystem for 20gb/per day data, IOPS, etc.
Thanks again
eholz1
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0
Announcing Modern Navigation: A New Era of Splunk User Experience
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
