We’ve had the question posed to us several times over the years:  “What impact would the addition of an SSD have to my Splunk environment?”  Referencing Splunk Answers:

http://splunk-base.splunk.com/answers/10417/splunk-on-solid-state-disk

Raitz is dead-on in his reply.  As data flows into a Splunk indexer, we are write-I/O heavy.  Sequential write performance on SSD vs SAS is pretty similar so no real benefit for Splunk on an SSD here.  These benchmarks illustrate this.

RAID0 w/SSD

RAID0 w/SAS

(These are RAID controller benchmarks but they still demonstrate the point)

Since a Splunk indexing server pulls dual duty and responds to search requests as well as performs indexing, what is the impact of an SSD on search performance?  Splunk searches can be categorized in two…

I had the opportunity to attend our SplunkLive event in Columbus the other day.  Before I even mention the event, let me go on record as saying that the Blue Ribbon Pot Roast at the Tip Top Kitchen is probably the best darn pot roast I’ve ever had.  Hopefully my mother doesn’t read this. Let’s talk SplunkLive.  For those of you who have never been to a SplunkLive, it’s an event we hold regularly in cities all over the world for Splunk customers, partners, and those interested in learning a bit more about what’s going on at Splunk to interact.  Having been in the tech industry for awhile, I’ve been to many vendor events where you get to hear…