I am planning to deploy a Splunk Distributed Search Architecture in a mixed environment of 500 servers mostly Windows and some Red Hat Enterprise (RHEL) Linux 7. Splunk hosts will be RHEL 7.2 I will have two search heads: Enterprise & Security, a 3 node indexer clustered on the Splunk application level, and a separate Deployment Server.
I read that Splunk will create the necessary directories during installation. Is there partition model recommendation or LVM I should have ready before installing Splunk 6.4 in my Linux servers? Or should I just let Splunk create directories automatically during install?