Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Indexer Sizing

msaleh7422
Engager
‎01-28-2026 02:23 AM

We would like your guidance on how to calculate the required number of Splunk indexers for our environment.

Currently, our estimated data ingestion rate is approximately 1 TB per day. We would appreciate it if you could advise on:

  • The recommended number of indexers needed for this ingestion volume

  • I Have multi site deployment
    #splunk
Labels (1)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎01-28-2026 09:17 AM

This is the kind of question you go to your local friendly Splunk Partner with, not some randoms on the internet.

There are many factors possibly affecting your environment size and overall architecture - search load, retention, HA requirements...

And if someone here tells you "you need 3 indexers" will you run and issue a procurement order based on this? And what if it happens to be undersized? Or the opposite - it will turn out to be mostly idle and you have paid throught the nose for the hardware?

 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎01-28-2026 05:59 AM

Hi @msaleh7422 ,

a quick and dirty evaluation is:

  • one indexer every 200 GB/day og ingestion if you haven't a Premium App (ES or ITSI),
  • one indexer every 100-150 GB/day og ingestion if you have a Premium App (ES or ITSI).

in this second case, in ES training is described to use one indexer every 80 GB/day, but 100-150 GB/day is more correct value.

About CPUs, RAM and storage, you need a Capacity Plan that is very difficoult to do in Community: you need a Splunk Architect from a Splunk Partner.

Ciao.

 Giuseppe

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...