I have noticed that Splunk works great on a true open source platform like Linux. I am an old Sun guy and love SPARC, but I agree it is slow with Splunk. I don't trust OpenSolaris, as it has too many problems and no support.
Linux is fast, efficient, and cost effective. The other vendor is not worth mentioning for a real enterprise environment.
Best Regards,
Craig A. Sayler Sr. Unix-Linux, VMware, Beowulf Cluster Engineer NASA Dryden Flight Research Center
It really depends on your requirements, your intended/expected data throughput and your budget. Take a look at the deployment article referenced above; that's directly from our Engineering team to help estimate your hardware needs.
The top performers in terms of indexing and search speed and capabilities are Linux and Windows. Those two are consistently ahead of the pack when it comes to performance, with Linux currently edging into the lead.
A lot of environments have old SPARC boxes that can be reappropriated and on paper look like an ideal platform, but note the stipulation of x86 architecture in that planning article. Splunk will run just fine on SPARC, but the hardware will limit the performance simply because it's not suited to the way Splunk works. If you care about performance, SPARC is not for you. If you don't care so much and just need a server to run on, go right ahead, but bear in mind that at some point you may want to migrate to x86 and currently there's no easy way to just copy your indexes over.
"...are more true of the T1..."
The comments about SPARC are more true of the T1 and T2 series processors than of the other SPARC machines.
I'm not sure it really matters which OS you're running so long as it's supported by Splunk and you follow their best practices doc: http://www.splunk.com/base/Documentation/4.1.4/Installation/CapacityplanningforalargerSplunkdeployme...
Personally, we're running our indexer on AIX and haven't had a problem.