Splunk Search

What is the recommended OS to run Splunk on?

New Member

What is the recommended OS to run Splunk on in an evironment that will process 15-20GB files daily, or is Splunk running just as fine on Windows as Linux for example?


Tags (2)
0 Karma


I have noticed that splunk works great on a true opensource platform like Linux. I am a old SUN guy and love SPARC, but it is slow agree with splunk. I don't trust the OpenSolaris as it has to many problems and no support.

Linux is fast, efficient, and cost effective. The other vendor is not worthy to mention for real Enterprise Environment.

Best Regards,

Craig A. Sayler Sr. Unix-Linux, VMware, Beowulf Cluster Engineer NASA Dryden Flight Research Center

Splunk Employee
Splunk Employee

It really depends on your requirements, your intended/expected data thruput and your budget. Take a look at this deployment article referenced above, that's directly from our Engineering team to help estimate your hardware needs.

The top performers in terms of indexing and search speed & capabilities are Linux and Windows, those two are consistently ahead of the pack when it comes to performance, with Linux currently edging the lead.

A lot of environments have old SPARC boxes that can be reappropriated and on paper look like an ideal platform, but note the stipulation of x86 architecture in that planning article. Splunk will run just fine on SPARC, but the hardware will limit the performance simply because it's not suited to the way Splunk works. If you care about performance, SPARC is not for you. If you don't care so much and just need a server to run on, go right ahead, but bear in mind that at some point you may want to migrate to x86 and currently there's no easy way to just copy your indexes over.

Splunk Employee
Splunk Employee

"...are more true of the T1..."

0 Karma

Splunk Employee
Splunk Employee

The comments about SPARC are true of the T1 and T2 series processors than of the other SPARC machines.

0 Karma


I'm not sure it really matters which OS you're running so long as it's supported by Splunk and you follow their best practices doc: http://www.splunk.com/base/Documentation/4.1.4/Installation/CapacityplanningforalargerSplunkdeployme...

Personally, we're running our indexer on AIX and haven't had a problem.

Get Updates on the Splunk Community!

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Join Principal Threat Researcher, Michael Haag, as he walks through:An introduction to the Splunk Threat ...

Splunk Life | Happy Pride Month!

Happy Pride Month, Splunk Community! 🌈 In the United States, as well as many countries around the ...

SplunkTrust | Where Are They Now - Michael Uschmann

The Background Five years ago, Splunk published several videos showcasing members of the SplunkTrust to share ...