Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Universal Forwarder Disk Usage

cymondcuba
New Member
‎10-26-2017 01:18 AM

HI Fellow Splunkers,

Need some help out here. What would be the minimum Disk Space required when installing a Universal Forwarder? or is there an ideal disk space for a universal forwarder? Just wanted to make sure the Forwarder itself doesn't utilize that much of Disk space when installed.

Thanks!

0 Karma
Reply

koshyk
Super Champion
‎10-26-2017 04:12 AM

hi,

If default settings are used assuming full internal log retentions:
- Windows installation disk usage comes around : approx 450MB
- Linux installation disk usage comes around : approx 350MB

If you change the log-local.cfg and change the maxFileSize of each log to 5MB and maxBackupIndex to 1 , you can reduce the size on disk to 180MB ish (This means the splunk internal logs are rotated only once and each file is 5MB from a default of 25MB & 5 rotations)

We have requested specific filesystem for Linux Based clients to have 2GB for /opt/splunkforwarder as a build standard.

Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...