Hi,
I want to set up a departmental architecture because our daily data volume is 1 GB/day.
As per the Splunk documentation about departmental architecture, they said only one single instance (indexer + search head) is required. But I divide the indexer from the search head through distributed search. Is this process good, or is anything wrong?
**Hardware setup for indexer and search head**
Intel x86 64-bit chip architecture
12 CPU cores at 2GHz or greater speed per core
12GB RAM
Standard 1Gb Ethernet NIC, optional second NIC for a management network
Standard 64-bit Linux or Windows distribution
Based on the daily data volume of 1GB/day we decided on the departmental architecture, but is it possible to follow the small tier architecture? Please let me know if I am going in the wrong direction.
For more than 100 concurrent users or searches, what setup do I have to do in the departmental architecture?