Installation

How do I scale my Splunk deployment to account for rising demand in indexing volume?

vanderaj2
Path Finder

Hi Splunkers,

My program is considering adding 600 more Linux UF endpoints to our current Splunk deployment (we have ~450 total UF endpoints now), and they're asking for a "wish list" of resources to support the additional volume.

I have a pretty good idea of my licensing needs, and I've been using the Splunk online sizing tool to figure out how much additional disk capacity we need (based on our retention policies).

Is there also a good sizing tool or document out there to help me figure out whether I need to increase RAM/CPU on my indexers, and possibly add another indexer? (and maybe add another deployment server)

Just FYI - I currently have a 2 indexer cluster. Each indexer has 16 cores, 31 GB RAM

Labels (1)
0 Karma

gjanders
SplunkTrust
SplunkTrust

somesoni2 has already linked to it but the Splunk Capacity Planning manual is what you want to refer to...

0 Karma

DalJeanis
Legend

Did you mean another search head? A second deployment server doesn't seem to make sense in context.

0 Karma

somesoni2
Revered Legend

He may be asking as number of clients are increasing too. @vanderaj2,, you can see great discussion in this post to understand the H/W requirement and suggested Deployment client load for Deployment servers here.

0 Karma

vanderaj2
Path Finder

Yep! that was exactly why I mentioned the deployment server. That discussion thread was very helpful -- thank you somesoni2!

0 Karma

somesoni2
Revered Legend
0 Karma

vanderaj2
Path Finder

Very helpful!! Thank you sir.

0 Karma
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...