You can, but be sure your device and connection meets the minimum IOPS. Otherwise your instance will have many problems.

thanks for your reply. That really helps. You mentioned we could store the index files just about anywhere, but I read in the admin guide and splunk doesn't recommend using mapped network drives.

We should be able to use mounted volumes off a SAN correct?

Thanks again

No. Splunk cannot use any sort of external/3rd party database for storing the indexed data. However, you can store the index files Splunk uses just about anywhere.

You can find some sizing guidelines at http://www.splunk.com/wiki/Community:HardwareTuningFactors

All correct. Well what type of config like RAID you use is up to you, but yes, all you need is a host with disk space.

To clarify, Splunk does not use a SQL database to store and manage the data? If I were to build a Splunk server, I just need to make sure I have a Raid 10 config and make sure the hard drive space is big enough to hold all incoming data, and then install Splunk in that server?

And to clarify, Splunk is the data server (among other things), so no additional server is required