Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Where is building lab splunk with free or cheap virtual server ?

hungtrn
Engager
‎02-09-2023 01:01 AM

Hello everyone, 

I'm new on splunk. 

I want to build mini lab splunk with virtual machine.

Can someone else can share me if you know : 

Do you know where i can buy/use cheap/free resources virtual server that are configurable enough for lab splunk building.

I'm plan on building 8 server with roles like that :

- 2 forwarder

- 3 index

- 1 cluster manager

- 1 search head

- 1 license manager / deployer server / monitoring console.

 

Hope someone can help. Thanks a lot. 

 

0 Karma
Reply

nyc_jason
Splunk Employee
Splunk Employee
‎02-17-2023 09:22 AM

So long as you're not doing performance testing you may consider running splunk using docker.  Ive been able to spin up 3-node index clusters with an ITSI Search head, on an 8-core i9, 32GB (w/1TB SSD) macbook laptop, even running ITSI and another container running oracle. if you have a few machines, you'd be pretty set. again, so long as you're not doing real load testing, you can spin up an environment in a few seconds, and test your apps and inputs.

https://docs.splunk.com/Documentation/Splunk/9.0.3/Installation/DeployandrunSplunkEnterpriseinsideDo...

Just be aware, the free version of splunk does not support clustering or premium splunk apps.

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎02-09-2023 01:31 AM

I know of no service that will give you machines of enough power to run these components for free.

Depending on your use case (what you want to train in this lab), you might get away with a relatively low-spec machines (way lower than the reference machines) but be prepared for the environment to run unreliably, be prone to hangs, oom-kills and such.

If you have a linux host around somewhere, you can however try to run a KVM virtualization host with KSM turned on which will give you a greatly reduced memory usage if the VMs are not heavily used and mostly share the same memory pages due to common code base.

Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...