Solved: Recommended Virtual Machine Sizes for Search Head ...

aelliott · ‎03-04-2014

Does this seem like a good setup for a dedicated Search head, indexer for a virtualized Splunk?

Search Head
- 8 core 16 GB Ram

Indexer
- 8 core 8 GB Ram 1 TB Hard Drive

We will have approximately 3 concurrent users at a given time, and a throughput of 10 GB/day

martin_mueller · ‎03-05-2014

Yeah, that looks better. I'm not 100% certain if 16/8 memory distribution is better than 12/12, but changing that is not going to have an enormous impact. More is always better of course, but you should be fine for a pedestrian 10GB/day...

View solution in original post

martin_mueller · ‎03-05-2014

Yeah, that looks better. I'm not 100% certain if 16/8 memory distribution is better than 12/12, but changing that is not going to have an enormous impact. More is always better of course, but you should be fine for a pedestrian 10GB/day...

aelliott · ‎03-19-2014

finally have the power to convert to answer 🙂 Thanks for your help martin.

ChrisG · ‎03-04-2014

Bear in mind that indexing performance is about 30% slower on a virtual machine. Search performance is about equivalent to physical hardware.

aelliott · ‎03-04-2014

I have modified my post, does that look much better?

martin_mueller · ‎03-04-2014

I'd swap the cores around, giving the search head more oomph.

Recommended Virtual Machine Sizes for Search Head and Indexer

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update