I am planning to deploy a Splunk Distributed Search Architecture in a mixed environment of 500 servers, mostly Windows and some Red Hat Enterprise Linux (RHEL) 7. Splunk hosts will be RHEL 7.2. I will have two search heads: Enterprise & Security, a 3-node indexer clustered on the Splunk application level, and a separate Deployment Server.
I read that Splunk will create the necessary directories during installation. Is there a partition model recommendation or LVM layout I should have ready before installing Splunk 6.4 on my Linux servers? Or should I just let Splunk create directories automatically during install?
See my current Linux partitions below:
/root 50G
/home/ 200G
/boot 500MB
/swap/ 8G
/tmp
/var
/var/tmp/
/var/log/
/var/log/audit/