Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Universal Forwarder Disk Usage

cymondcuba
New Member
‎10-26-2017 01:18 AM

HI Fellow Splunkers,

Need some help out here. What would be the minimum Disk Space required when installing a Universal Forwarder? or is there an ideal disk space for a universal forwarder? Just wanted to make sure the Forwarder itself doesn't utilize that much of Disk space when installed.

Thanks!

0 Karma
Reply

koshyk
Super Champion
‎10-26-2017 04:12 AM

hi,

If default settings are used assuming full internal log retentions:
- Windows installation disk usage comes around : approx 450MB
- Linux installation disk usage comes around : approx 350MB

If you change the log-local.cfg and change the maxFileSize of each log to 5MB and maxBackupIndex to 1 , you can reduce the size on disk to 180MB ish (This means the splunk internal logs are rotated only once and each file is 5MB from a default of 25MB & 5 rotations)

We have requested specific filesystem for Linux Based clients to have 2GB for /opt/splunkforwarder as a build standard.

Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...