Splunk Search

What is the recommended OS to run Splunk on?

olsenf
New Member

What is the recommended OS to run Splunk on in an evironment that will process 15-20GB files daily, or is Splunk running just as fine on Windows as Linux for example?

Thanks.

Tags (2)
0 Karma

craigsayler
Engager

I have noticed that splunk works great on a true opensource platform like Linux. I am a old SUN guy and love SPARC, but it is slow agree with splunk. I don't trust the OpenSolaris as it has to many problems and no support.

Linux is fast, efficient, and cost effective. The other vendor is not worthy to mention for real Enterprise Environment.


Best Regards,

Craig A. Sayler Sr. Unix-Linux, VMware, Beowulf Cluster Engineer NASA Dryden Flight Research Center

Mick
Splunk Employee
Splunk Employee

It really depends on your requirements, your intended/expected data thruput and your budget. Take a look at this deployment article referenced above, that's directly from our Engineering team to help estimate your hardware needs.

The top performers in terms of indexing and search speed & capabilities are Linux and Windows, those two are consistently ahead of the pack when it comes to performance, with Linux currently edging the lead.

A lot of environments have old SPARC boxes that can be reappropriated and on paper look like an ideal platform, but note the stipulation of x86 architecture in that planning article. Splunk will run just fine on SPARC, but the hardware will limit the performance simply because it's not suited to the way Splunk works. If you care about performance, SPARC is not for you. If you don't care so much and just need a server to run on, go right ahead, but bear in mind that at some point you may want to migrate to x86 and currently there's no easy way to just copy your indexes over.

gkanapathy
Splunk Employee
Splunk Employee

"...are more true of the T1..."

0 Karma

gkanapathy
Splunk Employee
Splunk Employee

The comments about SPARC are true of the T1 and T2 series processors than of the other SPARC machines.

0 Karma

Branden
Builder

I'm not sure it really matters which OS you're running so long as it's supported by Splunk and you follow their best practices doc: http://www.splunk.com/base/Documentation/4.1.4/Installation/CapacityplanningforalargerSplunkdeployme...

Personally, we're running our indexer on AIX and haven't had a problem.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...