Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Universal Forwarder Disk Usage

cymondcuba
New Member
‎10-26-2017 01:18 AM

HI Fellow Splunkers,

Need some help out here. What would be the minimum Disk Space required when installing a Universal Forwarder? or is there an ideal disk space for a universal forwarder? Just wanted to make sure the Forwarder itself doesn't utilize that much of Disk space when installed.

Thanks!

0 Karma
Reply

koshyk
Super Champion
‎10-26-2017 04:12 AM

hi,

If default settings are used assuming full internal log retentions:
- Windows installation disk usage comes around : approx 450MB
- Linux installation disk usage comes around : approx 350MB

If you change the log-local.cfg and change the maxFileSize of each log to 5MB and maxBackupIndex to 1 , you can reduce the size on disk to 180MB ish (This means the splunk internal logs are rotated only once and each file is 5MB from a default of 25MB & 5 rotations)

We have requested specific filesystem for Linux Based clients to have 2GB for /opt/splunkforwarder as a build standard.

Reply
Get Updates on the Splunk Community!

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

For Splunk Cloud customers, understanding and optimizing Splunk Virtual Compute (SVC) usage and resource ...

Automatic Discovery Part 3: Practical Use Cases

If you’ve enabled Automatic Discovery in your install of the Splunk Distribution of the OpenTelemetry ...