Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Where is building lab splunk with free or cheap virtual server ?

hungtrn
Engager
‎02-09-2023 01:01 AM

Hello everyone, 

I'm new on splunk. 

I want to build mini lab splunk with virtual machine.

Can someone else can share me if you know : 

Do you know where i can buy/use cheap/free resources virtual server that are configurable enough for lab splunk building.

I'm plan on building 8 server with roles like that :

- 2 forwarder

- 3 index

- 1 cluster manager

- 1 search head

- 1 license manager / deployer server / monitoring console.

 

Hope someone can help. Thanks a lot. 

 

0 Karma
Reply

nyc_jason
Splunk Employee
Splunk Employee
‎02-17-2023 09:22 AM

So long as you're not doing performance testing you may consider running splunk using docker.  Ive been able to spin up 3-node index clusters with an ITSI Search head, on an 8-core i9, 32GB (w/1TB SSD) macbook laptop, even running ITSI and another container running oracle. if you have a few machines, you'd be pretty set. again, so long as you're not doing real load testing, you can spin up an environment in a few seconds, and test your apps and inputs.

https://docs.splunk.com/Documentation/Splunk/9.0.3/Installation/DeployandrunSplunkEnterpriseinsideDo...

Just be aware, the free version of splunk does not support clustering or premium splunk apps.

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎02-09-2023 01:31 AM

I know of no service that will give you machines of enough power to run these components for free.

Depending on your use case (what you want to train in this lab), you might get away with a relatively low-spec machines (way lower than the reference machines) but be prepared for the environment to run unreliably, be prone to hangs, oom-kills and such.

If you have a linux host around somewhere, you can however try to run a KVM virtualization host with KSM turned on which will give you a greatly reduced memory usage if the VMs are not heavily used and mostly share the same memory pages due to common code base.

Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...