Publish application to Splunk

lremember
Explorer

Dear All:

I want to publish the application to Splunk, but I want to clarify some things, as follows:

1. How to publish your own program to Splunk.

2. What is the query efficiency of the Splunk log interface? For example, if I want to achieve a QPS of 9000, what is the minimum configuration that my machine should meet?

3. What is the minimum configuration that a machine can meet to meet the most basic performance?

Thank you~

isoutamo
SplunkTrust

Hi

I'm not sure what you mean by "publish your own program to Splunk". If it means your own Splunk app, then you just create it on Splunk or install it with the Splunk GUI. If you mean onboarding logs from your own business system, then it depends on how those are logging. But basically those are quite simple. Just look whether there is already a Splunk App/TA for it on splunkbase.splunk.com, or just do the onboarding by yourself, or ask some Splunk Partner to do it and train you at the same time. https://docs.splunk.com/Documentation/Splunk/latest/Data/WhatSplunkcanmonitor

EPS/QPS depends on what kind of logs you have and which kind of queries you are doing, and also on how much data you are ingesting on a daily basis. If you are setting up Splunk on premises or in your own AWS (etc.) environment, then here are some instructions for selecting the correct hardware: https://docs.splunk.com/Documentation/Splunk/latest/Capacity/IntroductiontocapacityplanningforSplunk... If you are going to Splunk Cloud, then contact some local Splunk Partner and they will help you to correctly size the SC environment.

The absolute minimum configuration is one server which has both indexer and search head capabilities. But this is totally dependent on how much data you are ingesting per day, how many source systems will feed it, and how you are managing those. In general cases (more than xx GB/day) I propose a separate SH (search head), then a 1-2+ node index cluster with a manager, and a separate DS (deployment server) to manage input configurations. Of course, if you are going to use Splunk premium apps (like ES or ITSI), then there are some more items which you need to take into your calculations.

r. Ismo
