We are planning to move to Nutanix in our organization. One of the application that is in the scope of this project is Splunk. We are a small environment and our Splunk data intake is around 30GB/day and the setup is mainly used as a SIEM.
We have received a few recommendation to isolate Splunk to a separate cluster. Is this necessary, or can we have it on the same cluster if we could guarantee the availability of resources for it? The cluster will host a few application and some infrastructure component like AD and DNS.
Are there any major benefits if we isolate Splunk in a different cluster?
Best answer by Sudhir9
Thank you for posting your question to Nutanix Communities. I understand your Splunk requirements is primary however resource consumption is not very high.
Though I can answer your question in a yes or no, I would like you to go through our Splunk best practice Document, this will clear your doubt as well as give you more clarity on why Splunk on Nutanix is even better idea.