Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Capacity planning best practices for Splunk Enterprise?

adukes_splunk
Splunk Employee
Splunk Employee
‎09-13-2019 12:32 PM

I'm looking for resources to help plan my deployment. Does anyone have capacity planning best practices for Splunk Enterprise?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

adukes_splunk
Splunk Employee
Splunk Employee
‎09-13-2019 12:34 PM

The Splunk Product Best Practices team provided this response. Read more about How Crowdsourcing is Shaping the Future of Splunk Best Practices.

Take a load off!

Capacity planning with Splunk isn't so straightforward. Got slow indexing? Add indexers. Got slow searching? Add indexers! I bet you weren't expecting that answer.

How capacity planning helps you scale your deployment

Best practices for capacity planning are to size the environment to the near-max, not the average load (unless you want to be wrong half the time). The Monitoring Console, available to admin users, contains a set of dashboards to provide insight into your deployment’s indexing and search performance, licensing, and OS resource usage. Let’s focus on the resource usage dashboards since this relates directly to pure system load and can be useful for capacity planning.
For information about the Monitoring Console in Splunk Cloud, see monitor Splunk Cloud deployment health in the Splunk Cloud User Manual.

Things to know

Capacity planning is not easy so don’t hesitate to contact Splunk for guidance on complex deployments.The Splunk Enterprise Capacity Planning Manual contains a lot of detail about hardware capacity planning and how to scale your Splunk Enterprise deployment, so while it’s important to understand how to apply these strategies, also read about the Monitoring Console and familiarize yourself with this monitoring tool to view topology and performance information.

Review and consider the following items as you plan your deployment:

The Splunk First 90 Days Program does not offer guidance on deployment technologies or deployment sizing because there are too many options to consider. For more information about architecture design, review the sample topologies in the Splunk Validated Architectures white paper to find repeatable topologies you can align with.

Things to do

  • Find highs and lows. Use the resource usage dashboards on the Monitoring Console to identify the times during the day your data load is at it's highest and lowest. Use those numbers to determine the total capacity for your deployment.
  • Lighten the data load. What's the total and average indexing performance? Consult the resource usage dashboards to look for indexing pipelines bottlenecks.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

adukes_splunk
Splunk Employee
Splunk Employee
‎09-13-2019 12:34 PM

The Splunk Product Best Practices team provided this response. Read more about How Crowdsourcing is Shaping the Future of Splunk Best Practices.

Take a load off!

Capacity planning with Splunk isn't so straightforward. Got slow indexing? Add indexers. Got slow searching? Add indexers! I bet you weren't expecting that answer.

How capacity planning helps you scale your deployment

Best practices for capacity planning are to size the environment to the near-max, not the average load (unless you want to be wrong half the time). The Monitoring Console, available to admin users, contains a set of dashboards to provide insight into your deployment’s indexing and search performance, licensing, and OS resource usage. Let’s focus on the resource usage dashboards since this relates directly to pure system load and can be useful for capacity planning.
For information about the Monitoring Console in Splunk Cloud, see monitor Splunk Cloud deployment health in the Splunk Cloud User Manual.

Things to know

Capacity planning is not easy so don’t hesitate to contact Splunk for guidance on complex deployments.The Splunk Enterprise Capacity Planning Manual contains a lot of detail about hardware capacity planning and how to scale your Splunk Enterprise deployment, so while it’s important to understand how to apply these strategies, also read about the Monitoring Console and familiarize yourself with this monitoring tool to view topology and performance information.

Review and consider the following items as you plan your deployment:

The Splunk First 90 Days Program does not offer guidance on deployment technologies or deployment sizing because there are too many options to consider. For more information about architecture design, review the sample topologies in the Splunk Validated Architectures white paper to find repeatable topologies you can align with.

Things to do

  • Find highs and lows. Use the resource usage dashboards on the Monitoring Console to identify the times during the day your data load is at it's highest and lowest. Use those numbers to determine the total capacity for your deployment.
  • Lighten the data load. What's the total and average indexing performance? Consult the resource usage dashboards to look for indexing pipelines bottlenecks.
0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...