Solved: Re: Indexing 20gb data

eholz1 · ‎03-30-2020

Hello Members,
We have a requirement to come up with a hardware solution for indexing a relatively small ammount of data.
20 GB per day. I seen considerable documention on the Splunk forum and site. Most infomation is oriented towards
larger amounts of data - I would assume that our disk subsystem run run an less that 800 IOPS.

For reference we would have less than 4 users so we could run a combined instance. Memory would be from 32GB to maybe 128GB, and we should have 8 to 12 cores and 64 bit > 2GHz.

(yes we could virtualize this deployment).

I am open for tips and suggestions,

Eholz1

woodcock · ‎03-31-2020

Splunk guidance is clear here. It doesn't really depend on data velocity: MINIMUM of 800 IOPS:
https://docs.splunk.com/Documentation/Splunk/latest/Capacity/Referencehardware

View solution in original post

woodcock · ‎03-31-2020

Splunk guidance is clear here. It doesn't really depend on data velocity: MINIMUM of 800 IOPS:
https://docs.splunk.com/Documentation/Splunk/latest/Capacity/Referencehardware

eholz1 · ‎03-31-2020

Hello Woodcock,
Thanks for the link, I will check this out - the info on the link will be helpful.

eholz1

eholz1 · ‎03-31-2020

Hello Woodcock,
another good answer. thanks for replying,
I really appreciate the reponses

woodcock · ‎03-30-2020

Spin it up in AWS after reading this:
https://www.splunk.com/en_us/blog/tips-and-tricks/splunk-validated-architectures.html

eholz1 · ‎03-31-2020

Exellent link - would like more guidance on disk subsystem for 20gb/per day data, IOPS, etc.
Thanks again

eholz1

Indexing 20gb data

workload management

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Indexing 20gb data

workload management

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!