We are currently looking at Splunk as a tactical monitoring and alerting solution for a low-volume file/folder integration. We want to set up a Proof of Concept in a Test Environment; however, the minimum specs detailed on the Splunk site go way beyond the spec of a typical VM here.
The interface we are monitoring will only be around 5Mb of data per day (multiple small files). I appreciate this is "small potatoes" for Splunk, and we will be looking at other things we can do with the tool. My client is running a fairly low volume estate, so we will never be looking at the 100s of GBs of data described in the Splunk specifications. It's more around capability than capacity that we are interested in.
Can I have any advice on setting up small instances of Splunk, and if we don't match the "minimum spec" suggested, are we still supported if we choose to go with the product?