Hi everyone, We're planning a new Splunk deployment and considering three different scenarios (Plan A and B) based on daily ingestion and data retention needs. I would appreciate it if you could review the sizing and let me know if anything looks misaligned or could be optimized based on Splunk best practices. 🔹 Overview of each plan: Plan A: Daily ingest: 2.0TB Retention: same 10 Indexers 3 Search Heads 2 ES Search Heads CM, MC, SH Deployer, DS, LM, 4–5 HFs, and several UBA/ML nodes Plan B: Daily ingest: 2.6TB Retention: same 13 Indexers 3 Search Heads 3 ES Search Heads CM, MC, SH Deployer, DS, LM, 4–5 HFs, and several UBA/ML nodes As I told Each plan includes CM, MC, SH Deployer, DS, LM, 4–5 HFs, and several UBA/ML nodes. 🔹 Example specs per Indexer (Plan C): Memory: 128GB vCPU: 96 cores Disk: 500GB OS SSD + 6TB hot SSD + 30TB cold HDD + 11TB frozen (NAS) ---------------------------------------- 🔍 What I'm looking for: Are these hardware specs reasonable per Splunk sizing guidelines? Is the number of indexers/search heads appropriate for the daily ingest and retention? Any red flags or over/under-sizing you would call out? Thanks in advance for your insights! ... View more

Hi Splunk Community, I’m encountering an issue with the membership date shown in my profile. According to the welcome email I received from Splunk on Dec 7, 2019, I joined in 2019. However, my profile indicates that I’ve been a member since July 13, 2024. Could anyone explain why this discrepancy might be occurring, and what I can do to correct it? Is there a specific action I need to take, or should I reach out to support for further assistance? Thank you for your help! Best regards ... View more