Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Planning new Splunk Architecture- placing Syslog-ng on same machine as Heavy Forwarder okay?

ojay
Path Finder
‎02-08-2022 01:28 AM

Hi,

I'm planning a new splunk architecture and was thinking about placing the syslog-ng on the same virtual machine as the Heavy Forwarder to read the files locally.

  • How will a large data volume impact the performance or stability?
  • What do i need to consider for memory and diskspace if i combine?
  • When is this advised to seperate to a dedicated syslog-ng server?
  • Will a dedicated syslog-ng server allow for more syslog traffic?
  • Would it be beneficial to install a Universal Forwarder on the HF for local file reading? Is it more advised for better data buffering?

Thank you,

Jay

0 Karma
Reply
Get Updates on the Splunk Community!

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...