你好,
我们正计划在我们的组织中转移到Nutanix。在这个项目范围内的一个应用是Splunk。我们是一个小环境,我们的Splunk数据摄入量大约是30GB/天,设置主要用作SIEM。
我们收到了一些建议,将Splunk隔离到一个单独的集群中。这是必要的吗?或者,如果我们能够保证它的资源可用性,我们可以将它放在同一个集群上吗?该集群将托管一些应用程序和一些基础设施组件,如AD和DNS。
如果我们将Splunk隔离在一个不同的集群中,会有什么主要的好处吗?
最佳答案Sudhir9
Thank you for posting your question to Nutanix Communities. I understand your Splunk requirements is primary however resource consumption is not very high.<\/p>
Though I can answer your question in a yes or no, I would like you to go through our Splunk best practice Document, this will clear your doubt as well as give you more clarity on why Splunk on Nutanix<\/a> is even better idea.<\/p>","className":"post__content__best_answer"}">