Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What are recommended specs for a virtual host for our multisite sandbox environment?

avisram
Path Finder
‎02-03-2016 09:04 AM

Hi there,

I've been tasked with building a Splunk Enterprise 6.3 multisite virtual environment sandbox. The environment is to consist of the following Splunk instances:

  • 5 search heads in a search head cluster
  • 7 indexers (3 sites x 2 indexers + 1 cluster master)
  • 1 combined deployment server, license master, deployer
  • 2 forwarders installed on Linux images

In addition to the above instances, the virtual host should also be able to accommodate a separate distributed search environment consisting of:

  • 1 search head (also acting as deployment server and license master)
  • 2 indexers
  • 2 forwarders installed on Linux images

So in all, a total of 20 virtual instances will be hosted. As this is a sandbox environment, the volume of data being forwarded/indexed will be minimal - definitely less than 10GB/day if that. We will be using VirtualBox for the images with CentOS 7 - minimal as the operating system on the images.

Given the above criteria, I need to procure the machine that will host all of these images. Specifically I need to know:

  1. Recommended processor.
  2. Number of CPUs/cores required
  3. Minimum clock-speed
  4. RAM
  5. Number of hard drives required
  6. Individual hard drive capacity
  7. Individual hard drive specs
  8. Hard drive RAID configuration

I would also need to know the specifications that the individual CentOS 7 virtual images (for the different types of instances) would require such as:

  1. Allocated RAM
  2. Allocated disk space
  3. Allocated CPU

If I have missed any critical specification then please feel free to add/comment on that also.

Thanks for your assistance.

Amyn

0 Karma
Reply

pgreer_splunk
Splunk Employee
Splunk Employee
‎02-03-2016 04:02 PM

Here's a starting point:

http://docs.splunk.com/Documentation/Splunk/6.3.3/Capacity/Referencehardware

Virtual Hardware section, also a link to a PDF in that section:

http://www.splunk.com/web_assets/pdfs/secure/Splunk_and_VMware_VMs_Tech_Brief.pdf

What I suggest is jotting down the specs you'd like to have based on the recommendations in the documentation listed above for each VM. then with that, tally it all together (total virtual RAM => RAM, total disk, total vCPUs => CPUs) all then tallied to determine what size box(es) you would need to accommodate that type of workload. Not really a tool out there to do that, as architecting something like this is a bit of a skill, art and SWAG.

Reply

avisram
Path Finder
‎02-03-2016 09:36 PM

Thanks pgreer. In looking at the documents referenced the specs are based on production hardware/virtualization. What factor would you use to scale it back for a sandbox environment?

0 Karma
Reply

sdvorak_splunk
Splunk Employee
Splunk Employee
‎02-24-2016 09:13 AM

Avisram, the Tech Brief recommended above is definitely for a production environment. It is probably ideal to have a physical host with at least 20 cores and 256GB RAM for this environment. It's impossible to make a recommendation for storage based on the information provided. Would need to factor how long you plan to retain data in this environment, and work backwards from that (this site might help you: http://splunk-sizing.appspot.com/ ).
If you plan to do multiple physical hosts for this environment, you can probably do smaller core count boxes. If you are building this to perform well, I would need further information to size this.

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...