×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
alexbutcher
Engager
Member since: ‎11-27-2014
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎11-27-2014
Activity Feed
View All

Re: Best use of available hardware

by SplunkTrust in Monitoring Splunk
‎11-27-2014 01:30 PM
2 Karma
‎11-27-2014 01:30 PM
2 Karma
With 10G daily volume you'd be good with running one of those boxes as an all-in-one Splunk, assuming you don't do weird things like a billion users churning through the data all day long. One box with the six drives in RAID10 should give you a retention time of well over a year, more than enough to get started. Sure you could use one as a SH and one as an IDX, but the gain is small for normal situations and somewhat offset by the network between the two. Here's a potentially better alternative: Set up two all-in-one instances with one of them acting as license master for the other. That way you could use one as your testing/sandbox instance and move stuff that's somewhat "done" to the more production-ish instance to keep running without being messed with too much. Additionally, starting with one all-in-one instance keeps things simple and your initial get-go quick. When you either add license volume or run out of space in a year or three you can still consider upgrading your hardware. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to
View All