Splunk Enterprise Security

Deployment Sizing on AWS

ajiwanand
Path Finder

We are deploying Enterprise Security for various clients on AWS, and are in the planning phase. I am attempting to create reference documentation that would contain the minimum instance type and number of instances per deployment, with a more granular breakdown in terms of capacity.

We also want to provide the following in all deployments:
- HA/DR (somewhat) - So the deployment would contain of a multi-site indexer cluster as well as a search head cluster
- Monitoring Console,Deployment server where neccesary but reduce need for extra instances so group roles where possible (I chose License manager + Deployer and Cluster master node + Deployment Server + Monitoring Console
- Searching of up to around 8-16 users
- Use of smart store for indexer storage
- Use smallest possible instances where possible
- Mainly used for ES
- Hopefully utilize placement groups, kubernetes and other services on cloud in the future when supported by splunk (believe this is soon)

I am also aware that:
- Each deployment/client will be different even if they have the same ingestion rate
- Splunk recommendations have pretty big gaps e.g 2-300GB is 1 SH and 1Indexer whereas I am trying to break it down a bit more like 25-50, 50-100,100-300, 300-600, etc
- Instance types , and prices change..again this is just for reference

Has anyone done something similar?

0 Karma
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...