Does Splunk need a dedicated SQL Server to manage the data? Can the SQL Database be in the same server as Splunk instance is installed?
Splunk does not use a Relational Database to store and manage its data.
It uses flat files on the file system called "Indexes".
http://docs.splunk.com/Documentation/Splunk/latest/Admin/WhatsaSplunkindex
Hello,
What if we want to host the splunk data on a SQL database? Is it possible to do that?
If so, does Splunk support sql databases that are hosted centrally on a SAN?
Thanks
You can, but be sure your device and connection meets the minimum IOPS. Otherwise your instance will have many problems.
thanks for your reply. That really helps. You mentioned we could store the index files just about anywhere, but I read in the admin guide and splunk doesn't recommend using mapped network drives.
We should be able to use mounted volumes off a SAN correct?
Thanks again
No. Splunk cannot use any sort of external/3rd party database for storing the indexed data. However, you can store the index files Splunk uses just about anywhere.
Splunk does not use a Relational Database to store and manage its data.
It uses flat files on the file system called "Indexes".
http://docs.splunk.com/Documentation/Splunk/latest/Admin/WhatsaSplunkindex
You can find some sizing guidelines at http://www.splunk.com/wiki/Community:HardwareTuningFactors
All correct. Well what type of config like RAID you use is up to you, but yes, all you need is a host with disk space.
To clarify, Splunk does not use a SQL database to store and manage the data? If I were to build a Splunk server, I just need to make sure I have a Raid 10 config and make sure the hard drive space is big enough to hold all incoming data, and then install Splunk in that server?
And to clarify, Splunk is the data server (among other things), so no additional server is required