Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

If anyone of you or your teams have implemented Splunk in production, kindly share the following details ?

moiezuddin
Explorer
‎02-04-2016 05:56 AM
  1. Time taken by splunk to process 200 GB/day (in Hours)? & what is the current volume (log Size) which has been processed by Splunk per day (In Hours)?
  2. Hardware/software details of server in which “splunk server” is running.
0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎02-04-2016 06:28 AM

The speed of processing depends on how many cores you have on the indexer along with how many indexers you have indexing the data. It also depends on if you were consuming that data within a 1 hour time frame or if it was distributed over 24 hours. If the latter case then it works very fast.

We currently have 2 clustered indexers with 16 cores each which index around 100-120 GB/day. We have 1 application which has around 5 billion events per month and takes 8 days to process the report on an accelerated data model, so we had to do a workaround and set up a summery index. So my advise is to not to buy tons of hardware for 1-2 applications, there's always a workaround to boost the performance. You also have cloud infrastructure you could leverage if you needed to

0 Karma
Reply

renjith_nair
SplunkTrust
SplunkTrust
‎02-04-2016 06:07 AM

We have Splunk in production but the amount of data processing depends on your hardware. So it will be different for different environment

If you are looking for the sizing , the following reference should help you.

https://splunk-sizing.appspot.com/
http://docs.splunk.com/Documentation/Splunk/6.2.0/Capacity/Referencehardware
http://docs.splunk.com/Documentation/Splunk/6.2.0/Capacity/Summaryofperformancerecommendations
http://docs.splunk.com/Documentation/Splunk/6.2.0/Capacity/Forwarder-to-indexerratios
http://docs.splunk.com/Documentation/Splunk/6.1/installation/Capacityplanningforalargersplunkdeploym...

Happy Splunking!
0 Karma
Reply
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...