×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
msaleh7422
Engager
Member since: ‎01-28-2026
‎02-02-2026
Community Statistics
Posts 2
Solutions 0
Karma Given 2
Karma Received 0
Member Since ‎01-28-2026
Activity Feed
View All

Multisite Cluster

by in Deployment Architecture
‎02-02-2026 06:17 AM
‎02-02-2026 06:17 AM
I’m relatively new to Splunk and currently designing my first production architecture, so I’d really appreciate your guidance. I’m considering a Multisite Indexer Cluster, but due to current constraints, my plan is: Start by implementing the entire environment in one site (HQ) After a few months, build and add a DR site Eventually convert this setup into a full multisite cluster My questions are: Is this approach recommended or supported by Splunk? Are there any design decisions I must take from day one to avoid rework later? Would it be better (for a beginner) to: Start with a single-site indexer cluster, then migrate to multisite later? Or design it as multisite from the beginning, even if the second site doesn’t exist yet? I want to follow best practices but also keep things simple and safe, especially since this is my first real ... View more
Labels

Indexer Sizing

by in Getting Data In
‎01-28-2026 02:23 AM
‎01-28-2026 02:23 AM
We would like your guidance on how to calculate the required number of Splunk indexers for our environment. Currently, our estimated data ingestion rate is approximately 1 TB per day. We would appreciate it if you could advise on: The recommended number of indexers needed for this ingestion volume I Have multi site deployment #splunk ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎02-02-2026 12:01 PM
Karma given to
View All