Installation

Are there minimum specs for a Splunk Proof of Concept (POC)?

daveygillum
New Member

We are currently looking at Splunk as a tactical monitoring and alerting solution for a low-volume file/folder integration. We want to set up a Proof of Concept in a Test Environment, however, the minimum specs detailed on the Splunk site go way beyond the spec of a typical VM here.

The interface we are monitoring will only be around 5Mb of data per day (multiple small files). I appreciate this is "small potatoes" for Splunk, and we will be looking at other things we can do with the tool. My client is running a fairly low volume estate, so we will never be looking at the 100s of GBs of data described in the Splunk specifications. It's more around capability than capacity we are interested.

Can I have any advice on setting up small instances of Splunk, and if we don't match the "minimum spec" suggested, are we still supported if we choose to go with the product?

Labels (1)
0 Karma

jagadeeshm
Contributor

Did I read it right? 5MB data per day?

If yes, you can most certainly live with just 1 VM where you can have standalone installation of Splunk acting both as search head and indexer. But usually, standalone installations are not recommended in Production environments for several reasons. But it all depends on how much data you are planning to ingest in Production, number of users, number of dashboards/panels they may be creating etc. Because all the searches in Splunk Search Head utilizes a CPU core per search, which can tweaked.

For a standalone Splunk Installation, I recommend the following -
8 core CPU
8 GB RAM
50 GB harddisk.
But remember, with 8 core CPU, you will soon hit the limits on how may current searches you can perform.

But if you are planning for Production I would recommend following Hardware Reference doc from Splunk.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

I've had successful Splunk POCs using small VMs. They were slow, but speed wasn't the point. Four CPUs should be enough.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...