Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

SQL Server dedicated for Splunk

eantonio
Path Finder
‎09-15-2011 02:26 PM

Does Splunk need a dedicated SQL Server to manage the data? Can the SQL Database be in the same server as Splunk instance is installed?

Reply
1 Solution
Solved! Jump to solution
Solution

Damien_Dallimor
Ultra Champion
‎09-15-2011 03:04 PM

Splunk does not use a Relational Database to store and manage its data.
It uses flat files on the file system called "Indexes".

http://docs.splunk.com/Documentation/Splunk/latest/Admin/WhatsaSplunkindex

View solution in original post

Reply
Solved! Jump to solution

rajbahak
Path Finder
‎12-15-2011 11:38 AM

Hello,

What if we want to host the splunk data on a SQL database? Is it possible to do that?

If so, does Splunk support sql databases that are hosted centrally on a SAN?

Thanks

0 Karma
Reply
Solved! Jump to solution

gekoner
Communicator
‎12-15-2011 12:42 PM

You can, but be sure your device and connection meets the minimum IOPS. Otherwise your instance will have many problems.

0 Karma
Reply
Solved! Jump to solution

rajbahak
Path Finder
‎12-15-2011 12:23 PM

thanks for your reply. That really helps. You mentioned we could store the index files just about anywhere, but I read in the admin guide and splunk doesn't recommend using mapped network drives.

We should be able to use mounted volumes off a SAN correct?

Thanks again

0 Karma
Reply
Solved! Jump to solution

rtadams89
Contributor
‎12-15-2011 12:11 PM

No. Splunk cannot use any sort of external/3rd party database for storing the indexed data. However, you can store the index files Splunk uses just about anywhere.

Reply
Solved! Jump to solution
Solution

Damien_Dallimor
Ultra Champion
‎09-15-2011 03:04 PM

Splunk does not use a Relational Database to store and manage its data.
It uses flat files on the file system called "Indexes".

http://docs.splunk.com/Documentation/Splunk/latest/Admin/WhatsaSplunkindex

Reply
Solved! Jump to solution

rataide
Path Finder
‎09-16-2011 06:51 AM

You can find some sizing guidelines at http://www.splunk.com/wiki/Community:HardwareTuningFactors

0 Karma
Reply
Solved! Jump to solution

Ayn
Legend
‎09-16-2011 06:48 AM

All correct. Well what type of config like RAID you use is up to you, but yes, all you need is a host with disk space.

0 Karma
Reply
Solved! Jump to solution

eantonio
Path Finder
‎09-16-2011 06:40 AM

To clarify, Splunk does not use a SQL database to store and manage the data? If I were to build a Splunk server, I just need to make sure I have a Raid 10 config and make sure the hard drive space is big enough to hold all incoming data, and then install Splunk in that server?

0 Karma
Reply
Solved! Jump to solution

gkanapathy
Splunk Employee
Splunk Employee
‎09-15-2011 05:46 PM

And to clarify, Splunk is the data server (among other things), so no additional server is required

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...