Splunk Enterprise is a popular solution for the operational intelligence for data center. The name of Splunk comes from ‘spelunking’ because the founders of Splunk feel understanding machine data is like spelunking in cold cave.
The way that Splunk Enterprise works is to collect syslogs and event logs from all network devices, Windows and Linux machines, etc., then build up time series based index data files as the search source. Splunk instances include Search Head, Search Peer (Indexer) and Forwarder.
In a data center, the log files keep growing all the time. In order to make Splunk index these files efficiently, to make proper capacity planning is significant. Below is the formula to do capacity planning for Splunk:
(Daily average indexing rate) * (Index Replication Count) * (retenti...
Read More