Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Indexer - how many IOPS expect with this configuration

edoardo_vicendo
Builder
‎02-12-2021 09:37 AM

Hi All,

I know this question is very generic, but I will try asking 🙂

We have 2 sites with this Indexing Tier configuration:

  • Site 01
    • 3 Indexers (dedicated VM with 2x20 physical core CPU Intel Xeon 6148 and 96GB RAM each)
    • SF=2, RF=2
  • Site 02
    • 3 Indexers (dedicated VM with 2x20 physical core CPU Intel Xeon 6148 and 96GB RAM each)
    • SF=2, RF=2

Search Heads are configured with site affinity so searches go on both sites.

Machines are quite new, supposing you don't have any limitation on the storage tier, how many IOPS are you expecting pushing them to the limit?

Thanks a lot,
Edoardo

Labels (1)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎02-13-2021 05:18 AM

If there are no limits on the storage tier then IOPS will be limited by the network.  Since you've not given information about storage, network, or data rate there's no way to offer an IOPS suggestion.

---
If this reply helps you, Karma would be appreciated.
Reply

edoardo_vicendo
Builder
‎02-15-2021 03:11 AM

@richgalloway thanks for your feedback

We currently have (per site):

  • HPE Bladesystem using VMware ESXi and RHEL OS
    • 4 Blade
      • Blade 1: 2 SH (2 VM with 20 physical CPU core + 64 GB RAM each)
      • Blade 2: 1 Indexer (dedicated VM with 2x20 physical core CPU + 96GB RAM each)
      • Blade 3: 1 Indexer (dedicated VM with 2x20 physical core CPU + 96GB RAM each)
      • Blade 4: 1 Indexer (dedicated VM with 2x20 physical core CPU + 96GB RAM each)
    • 2 x Fiber Channel Modules 8 ports (each port 16Gb/s)
      • Blade 1-4 connect to 4 ports on Fiber Channel Modules 1 to SAN 1
      • Blade 1-4 connect to 4 ports on Fiber Channel Modules 2 to SAN 2
      • Each Fiber Channel Module is virtualized
    • Storage SAN Hitachi G1000 (All Flash SSD)
      • Each Indexer has a 13TB dedicated LUN (space already reserved)
      • The LUN is mounted as a vmdk

Thanks a lot,

Edoardo

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...