Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Indexing 20gb data

eholz1
Builder
‎03-30-2020 04:17 PM

Hello Members,
We have a requirement to come up with a hardware solution for indexing a relatively small ammount of data.
20 GB per day. I seen considerable documention on the Splunk forum and site. Most infomation is oriented towards
larger amounts of data - I would assume that our disk subsystem run run an less that 800 IOPS.

For reference we would have less than 4 users so we could run a combined instance. Memory would be from 32GB to maybe 128GB, and we should have 8 to 12 cores and 64 bit > 2GHz.

(yes we could virtualize this deployment).

I am open for tips and suggestions,

Eholz1

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎03-31-2020 08:59 AM

Splunk guidance is clear here. It doesn't really depend on data velocity: MINIMUM of 800 IOPS:
https://docs.splunk.com/Documentation/Splunk/latest/Capacity/Referencehardware

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

woodcock
Esteemed Legend
‎03-31-2020 08:59 AM

Splunk guidance is clear here. It doesn't really depend on data velocity: MINIMUM of 800 IOPS:
https://docs.splunk.com/Documentation/Splunk/latest/Capacity/Referencehardware

0 Karma
Reply
Solved! Jump to solution

eholz1
Builder
‎03-31-2020 08:59 AM

Hello Woodcock,
Thanks for the link, I will check this out - the info on the link will be helpful.

eholz1

0 Karma
Reply
Solved! Jump to solution

eholz1
Builder
‎03-31-2020 09:04 AM

Hello Woodcock,
another good answer. thanks for replying,
I really appreciate the reponses

0 Karma
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎03-30-2020 07:08 PM

Spin it up in AWS after reading this:
https://www.splunk.com/en_us/blog/tips-and-tricks/splunk-validated-architectures.html

0 Karma
Reply
Solved! Jump to solution

eholz1
Builder
‎03-31-2020 08:44 AM

Exellent link - would like more guidance on disk subsystem for 20gb/per day data, IOPS, etc.
Thanks again

eholz1

0 Karma
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...