Dear Jtacy/All,
Thanks a lot for the update. However, it would be great if we could get more information on this front. So let me rephrase my question below with more details.
We have a Splunk cluster architecture with Master, Search Head, Indexer1 & Indexer2. Our Splunk is accessed by all our users only on the internal network, not externally. Our Splunk servers run on Red Hat OS.
Now the question is that we want to run the Trend Micro antivirus agent, and we are a bit scared that it would screw up the performance of Splunk. We have gone through certain articles in Splunk, and it was mentioned that we can consider any antivirus agent to be in a running state, but it should be restricted to scanning OS partitions and not the Splunk data partitions where the Splunk setup exists.
As we are running Splunk as a critical application log monitoring solution, will having antivirus running on the same server, doing real-time or offline scanning of OS partitions without touching the Splunk directory, create any performance issues on CPU/memory resulting in Splunk performance degradation?
Please can you share all possible facts so that we can take the advice forward. Please do let me know if any further inputs are required.
Thanks and Regards,
Peri