Universal Forwarder Disk Usage

cymondcuba · ‎10-26-2017

HI Fellow Splunkers,

Need some help out here. What would be the minimum Disk Space required when installing a Universal Forwarder? or is there an ideal disk space for a universal forwarder? Just wanted to make sure the Forwarder itself doesn't utilize that much of Disk space when installed.

Thanks!

koshyk · ‎10-26-2017

hi,

If default settings are used assuming full internal log retentions:
- Windows installation disk usage comes around : approx 450MB
- Linux installation disk usage comes around : approx 350MB

If you change the log-local.cfg and change the maxFileSize of each log to 5MB and maxBackupIndex to 1 , you can reduce the size on disk to 180MB ish (This means the splunk internal logs are rotated only once and each file is 5MB from a default of 25MB & 5 rotations)

We have requested specific filesystem for Linux Based clients to have 2GB for /opt/splunkforwarder as a build standard.

Universal Forwarder Disk Usage

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Analytics Workspace deprecation

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation

Universal Forwarder Disk Usage

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Analytics Workspace deprecation

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

[Puzzles] Solve, Learn, Repeat: Matching cron expressions