Hi Experts,
I need some suggestions on my Splunk deployment, like what architecture fits for me.
Total Data volume :- 65GB /day
Concurrent users :- 10
Usage :- Scheduled reporting and searching
Data Sources :- Linux, Windows (total 80 servers)
Log Type :- Security, Event logs from Windows and Linux servers.
Following was the proposed wonderful architecture, which seems a very high-end architecture. Please suggest which part of the following I can remove or reduce to 4 servers, else it would be a very costly architecture.
Search Head (3 servers, 8 CPU, 15GB RAM, 500GB Disk, General SSD each)
Peers (2 servers, 8 CPU, 15GB RAM, 8000GB, General SSD each)
Master & Deployment Server (1 server, 2 CPU, 4GB RAM, 100GB Disk, General SSD)
Forwarders (2 servers, 2 CPU, 8GB RAM, 250GB Disk, General SSD each)
SHC Deployer (1 server, 1 CPU, 1GB RAM, 100GB Disk, General SSD)
Thanks
VG