Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What are the system requirements for an AMI Linux VM Heavy forwarder running Splunk 6.2.6?

grimesrichard
New Member
‎05-22-2016 07:21 PM

Hi All,

We are trying to size an AMI Linux VM Heavy Forwarder for a new installation of 6.2.6 and have found the Splunk recommended system requirements of 2x six-core, 2+ GHz CPU, 12 GB RAM at the following link: http://docs.splunk.com/Documentation/Splunk/6.0/Installation/Systemrequirements#Recommended_hardware but there is no specific mention of the requirements for a Heavy Forwarder anywhere that we can find in any Splunk documentation.

We have found high level reference to the fact a forwarder can be of a lower spec that the above as it will not be doing as much indexing as an indexer, but no quantification as to what that less may be...

Any guidance or advice that anyone can provide would be much appreciated.

Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

javiergn
Super Champion
‎05-23-2016 01:40 AM

Hi, it all depends on the load and what you are planning to do.

If your heavy forwarder is just doing some basic parsing and forwarding but it's not indexing and searching, you can run it in a much smaller VM.

For instance, one of my customers has more than 20 heavy forwarders and the specs are very different, but they all work fine:

  • From 2x2 cores to 2x4 cores
  • From 4 to 8 GB RAM
  • From 100 to 200 GB allocated to /opt
  • Shared VM resources
  • 1 Gbps network card

Hope that helps,
J

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

javiergn
Super Champion
‎05-23-2016 01:40 AM

Hi, it all depends on the load and what you are planning to do.

If your heavy forwarder is just doing some basic parsing and forwarding but it's not indexing and searching, you can run it in a much smaller VM.

For instance, one of my customers has more than 20 heavy forwarders and the specs are very different, but they all work fine:

  • From 2x2 cores to 2x4 cores
  • From 4 to 8 GB RAM
  • From 100 to 200 GB allocated to /opt
  • Shared VM resources
  • 1 Gbps network card

Hope that helps,
J

0 Karma
Reply
Solved! Jump to solution

grimesrichard
New Member
‎06-15-2016 05:13 PM

Thanks Javiergn,

We ended up using another windows HF spec as a place to start and will monitor performance.

I think your approach to using other working instances as a base for comparison is the best answer at this time so I've accepted your answer.

Apologies for the delay in the response.

Cheers

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...