1
00:00:03,820 --> 00:00:11,590
As part of our journey of designing the best architecture for our organisation, the next step is

2
00:00:12,380 --> 00:00:17,240
understanding the hardware specification required for our Splunk components.

3
00:00:17,240 --> 00:00:19,370
The link specified here.

4
00:00:20,140 --> 00:00:24,610
And that document should be able to take you directly.

5
00:00:26,070 --> 00:00:27,570
Let me show you

6
00:00:28,940 --> 00:00:31,250
the contents of these

7
00:00:32,070 --> 00:00:34,740
so that you will have a better understanding.

8
00:00:34,980 --> 00:00:39,630
These are the hardware recommendations that are recommended by Splunk.

9
00:00:42,810 --> 00:00:49,890
The link should be able to take you directly into the requirements page, which shows the recommended

10
00:00:49,890 --> 00:00:51,450
hardware specification.

11
00:00:51,690 --> 00:00:54,420
These are for the UNIX operating system.

12
00:00:55,350 --> 00:00:55,860
Now,

13
00:00:55,860 --> 00:00:58,200
let us go through them one by one.

14
00:00:58,920 --> 00:01:03,870
Let us start by looking from the search head perspective.

15
00:01:06,630 --> 00:01:11,460
Depending on, let's say, small, medium or large enterprise,

16
00:01:13,030 --> 00:01:21,970
the number of cores for Splunk varies from 2 to 64 cores at two gigahertz, depending upon the size

17
00:01:21,970 --> 00:01:22,960
of the architecture.

18
00:01:22,990 --> 00:01:29,620
It's like the well goes for small enterprise and 64 cores for a large enterprise.

19
00:01:30,400 --> 00:01:36,490
For the search head, the more cores the better, because each core, or, it is core intensive.

20
00:01:36,520 --> 00:01:38,920
The search head, whenever you run a search,

21
00:01:38,950 --> 00:01:42,520
it mainly relies on the available cores on that

22
00:01:42,880 --> 00:01:43,620
search head.

23
00:01:46,860 --> 00:01:48,300
It's better to have

24
00:01:49,090 --> 00:01:52,900
the more number of cores for that search head.

25
00:01:56,730 --> 00:01:59,130
I'm looking at indexer hardware.

26
00:02:00,670 --> 00:02:03,160
It is highly critical to get

27
00:02:04,410 --> 00:02:08,460
minimum or more than 200 IOPS.

28
00:02:09,980 --> 00:02:19,010
The IOPS should be more for the indexes, since the more IOPS, the better the performance of your indexer.

29
00:02:19,160 --> 00:02:23,810
Always remember never to compromise on IOPS.

30
00:02:23,810 --> 00:02:28,460
That is your input operation, input/output operations per second,

31
00:02:30,130 --> 00:02:35,950
since it is one of the critical values for the performance of your entire Splunk environment.

32
00:02:36,870 --> 00:02:43,080
Moving on, the next value is the storage. From our previous discussions,

33
00:02:43,530 --> 00:02:47,730
we know how to get an estimated storage for our indexes.

34
00:02:47,760 --> 00:02:57,210
Now we need to understand what RAID level is required or recommended by Splunk to run at optimum performance.

35
00:02:57,990 --> 00:03:02,970
It is highly recommended to use RAID 10 for better performance.

36
00:03:02,970 --> 00:03:11,580
But if you are able to get the IOPS condition, we should be fine with RAID 5 or RAID 6.

37
00:03:14,760 --> 00:03:22,050
The next step is the RAM specification, which depends again on the size of the deployment, considering

38
00:03:22,050 --> 00:03:25,590
it's a small, medium or large on the system.

39
00:03:26,410 --> 00:03:35,320
The RAM can vary from 2 to 64 GB, similar to the cores that we have considered earlier for the scale

40
00:03:35,320 --> 00:03:36,530
of the deployment.

41
00:03:36,560 --> 00:03:44,140
It's always better to go for the maximum available RAM, since you will notice Splunk will be acting like

42
00:03:44,140 --> 00:03:45,040
a monster.

43
00:03:45,070 --> 00:03:49,750
It will be eating up all the resources that it can get its hands on.

44
00:03:49,750 --> 00:03:57,140
And this can be tuned to run at optimum performance by a Splunk admin or Splunk architect.

45
00:03:57,160 --> 00:04:01,360
And also, there are a couple of prerequisites

46
00:04:02,170 --> 00:04:08,920
for Splunk, which should be taken care of as part of infrastructure provisioning or before installation.

47
00:04:09,810 --> 00:04:11,480
Those are ulimits.

48
00:04:11,490 --> 00:04:17,820
As per Splunk recommendations, there are a couple of limits that need to be specified at the highest

49
00:04:17,820 --> 00:04:25,710
level so that Splunk operates at optimum performance, and also SELinux, known as Secure Linux, on the

50
00:04:25,710 --> 00:04:26,790
Linux platform.

51
00:04:27,060 --> 00:04:36,090
It should be disabled or should be made to allow Splunk to run outside SELinux, and THP, which stands

52
00:04:36,090 --> 00:04:42,960
for Transparent Huge Pages, which is known to cause issues while running Splunk.

53
00:04:42,960 --> 00:04:49,200
So it is recommended by Splunk to disable these processes before installation.