Please suggest the best practice for Splunk deployment.
Considerations:
Index data of size 2GB daily
Data comes from 20 different hosts
Report generation on data
Proposed Solution:
Search Factor=2, Replication Factor=2
20 forwarders to pull data from hosts
One master node, two peer nodes (for indexing), one search head
Data on each node would be 1GB (considering RF and SF)
My question is: does this setup look good, or can I avoid the search head as there are only two indexers? Please suggest some best practices. Do I really need to go for a cluster setup? If not, what can be done?
Looking forward to your ideas. Thanks in advance.