Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

If anyone of you or your teams have implemented Splunk in production, kindly share the following details ?

moiezuddin
Explorer
‎02-04-2016 05:56 AM
  1. Time taken by splunk to process 200 GB/day (in Hours)? & what is the current volume (log Size) which has been processed by Splunk per day (In Hours)?
  2. Hardware/software details of server in which “splunk server” is running.
0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎02-04-2016 06:28 AM

The speed of processing depends on how many cores you have on the indexer along with how many indexers you have indexing the data. It also depends on if you were consuming that data within a 1 hour time frame or if it was distributed over 24 hours. If the latter case then it works very fast.

We currently have 2 clustered indexers with 16 cores each which index around 100-120 GB/day. We have 1 application which has around 5 billion events per month and takes 8 days to process the report on an accelerated data model, so we had to do a workaround and set up a summery index. So my advise is to not to buy tons of hardware for 1-2 applications, there's always a workaround to boost the performance. You also have cloud infrastructure you could leverage if you needed to

0 Karma
Reply

renjith_nair
Legend
‎02-04-2016 06:07 AM

We have Splunk in production but the amount of data processing depends on your hardware. So it will be different for different environment

If you are looking for the sizing , the following reference should help you.

https://splunk-sizing.appspot.com/
http://docs.splunk.com/Documentation/Splunk/6.2.0/Capacity/Referencehardware
http://docs.splunk.com/Documentation/Splunk/6.2.0/Capacity/Summaryofperformancerecommendations
http://docs.splunk.com/Documentation/Splunk/6.2.0/Capacity/Forwarder-to-indexerratios
http://docs.splunk.com/Documentation/Splunk/6.1/installation/Capacityplanningforalargersplunkdeploym...

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...