Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk on AWS EC2

garfieldconnoll
Explorer
‎09-09-2010 07:23 PM

Hi,

We're working with Splunk on Amazon's EC2 service (Ubuntu).

At the moment we're working off a standard instance, at 10cent per hour.

I was going to upgrade to a high CPU medium instance, at 20cent per hour.

With AWS' announcement today regarding micro instances, I was wondering.....

"Am I better with 1 high CPU medium instance, 2 standard instances, or 10 micro instances?"

Okay, so there's a strong "string L=N, derive N" element to the question. But if I had to choose a route, any suggestions?

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎09-09-2010 08:55 PM

When in AWS, I would recommend scaling using units of the High-CPU XL instances. It seems like you need less capacity than this, but of the choices, I am pretty sure the 10 micro instances will be unsuitable and clumsy for a typical Splunk workload. I think the Standard Small is also too small, even with two of them, as you are limited to just one core per machine. Between the Standard Large and the High-CPU Large, I might go with the High-CPU, unless you plan to store you indexes on the instance rather than on EBS, in which case the additional space on the Standard might count for more.

View solution in original post

Reply
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎09-09-2010 08:55 PM

When in AWS, I would recommend scaling using units of the High-CPU XL instances. It seems like you need less capacity than this, but of the choices, I am pretty sure the 10 micro instances will be unsuitable and clumsy for a typical Splunk workload. I think the Standard Small is also too small, even with two of them, as you are limited to just one core per machine. Between the Standard Large and the High-CPU Large, I might go with the High-CPU, unless you plan to store you indexes on the instance rather than on EBS, in which case the additional space on the Standard might count for more.

Reply
Solved! Jump to solution

garfieldconnoll
Explorer
‎09-20-2010 07:36 PM

Able to thank gkanapathy's response now, so doing so!

0 Karma
Reply
Solved! Jump to solution

garfieldconnoll
Explorer
‎09-09-2010 10:19 PM

Thanks for that. I'd +1 the post, but I don't have permission yet. We don't have a lot of data, but may have a disproportionate number of users for the amount of indexed data. Apologies if I have the 'wrong end of the stick' on that.

Regards,

G.

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...