splunk>enterprise
Administrator ▾Settings ▾
ES
Enterprise Security
Splunk App for Enterprise Security · v7.3.0
DAY 8 LAB · LAB 8 — ARCHITECT A SPLUNK DEPLOYMENT· week 2
Architect a Splunk deployment — sizing, components, HA.
- ›Open Configure → General Settings.
- ›Plan for 500 GB/day ingest.
- ›Decide Indexer Cluster + SHC yes/no.
Hint: Rule of thumb: 1 indexer per 100-300 GB/day. Plan 30% headroom. ES needs its own SH.
Configure
Saved Searches
No saved searches. Save one from the Search tab.