Re: Splunk Enterprise Installation Minimum Require...

mohsplunking

Hello Splunkers,

I need some help to understand what will be the minimum spects required for Splunk Enterprise Installation for the purpose Heavy Forwarder where only it will receive logs from 1 source over Syslog and forward to Indexers. Can I just use 2 CPU's 8 GB RAM and storage based of estimation of the log file sizes. I'm asking this because the official guide says it should be minimum 12 GB RAM , 4 Cores CPU.

Please if someone can advise on this.

Thanking you in advance,

Moh....

richgalloway

Splunk advises AGAINST sending syslog directly to a Splunk Instance. The preferred practice is to send to a dedicated syslog server (rsyslog or syslog-ng) and forward to Splunk from there. Alternatively, you can use Splunk Connect for Syslog (SC4S).

You can use any amount of resources you wish. If there is a problem, however, Splunk Support may require you meet the recommended hardware specifications before they provide further support.

---
If this reply helps you, Karma would be appreciated.

isoutamo

As @richgalloway said don’t use splunk to terminate syslog feed. When you are using real syslog server then it’s better to use UF instead of HF to send those forward. Or use SC4S especially if you haven’t experience of running syslog server.

Splunk Enterprise Installation Minimum Requirement

heavy forwarder

Stay Connected: Your Guide to February Tech Talks, Office Hours, and Webinars!

Preparing your Splunk Environment for OpenSSL3

Incident Response: Reduce Incident Recurrence with Automated Ticket Creation