Reference hardware
UXM is set up to handle 10.000+ Desktop agents and millions of Web page requests per day.
The recommended architecture is to set up a Splunk Heavy Forwarder with UXM (containing the NGINX/RabbitMQ queue) and send data via HTTP Event Collector (HEC) to the indexers.
Standalone environment
Recommended hardware for under 20.000 endpoints and 4 concurrent data analysis users.
| Component | Number of servers | CPU | Memory | Disk | Software |
|---|---|---|---|---|---|
| Data Receiving, Analysis and Storage<br>Daily Splunk license usage: < 10 GB | 1 | 8 vCPU | 32 GB RAM | 300 GB SSD disk | NGINX<br>RabbitMQ<br>Splunk Search Head<br>Splunk Indexer |
Small distributed environment
Recommended hardware for 20.000 endpoints and over 4 concurrent data analysis users.
| Component | Number of servers | CPU | Memory | Disk | Software |
|---|---|---|---|---|---|
| Data Collector | 1 per 20.000 endpoints | 8 vCPU | 12 GB RAM | 100 GB SSD disk | Splunk Heavy Forwarder<br>NGINX<br>RabbitMQ |
| Data Analysis and Storage<br>500 GB disk for 1 year data retention<br>Daily Splunk license usage: 10 ~ 70 GB | 1 | 16 vCPU | 64 GB RAM | 100 GB SSD disk | Splunk Search Head<br>Splunk Indexer |
Large distributed environment
Recommended hardware for 70.000 laptops/desktops/thin clients and 6000 Citrix servers with 60.000 Citrix users.
| Component | Number of servers | CPU | Memory | Disk | Software |
|---|---|---|---|---|---|
| Data Collector | 4 (1 per 20.000 endpoints) | 16 vCPU | 16 GB RAM | 300 GB SSD disk | Splunk Heavy Forwarder<br>NGINX<br>RabbitMQ |
| Data Analysis | 1 | 48 vCPU | 62 GB RAM | 300 GB SSD disk | Splunk Search Head |
| Data Storage<br>10 TB disk for 1 year data retention<br>Daily Splunk license usage: 75 GB | 1 | 48 vCPU | 62 GB RAM | 300 GB SSD disk | Splunk Indexer |