Want to scale Splunk Enterprise Security to 100TB/day? We've done it! In Splunk labs, we built workloads that closely simulate our customers' usage patterns, and we scaled beyond a 100TB per day ingest rate with search head clustering. In this session we'll share key aspects of our Splunk Enterprise Security workload design: diverse source types, major data models, search scenarios, data enrichment, and hardware choices for search heads and indexers. We will also share how different configurations impact search performance and how to tune Splunk Enterprise Security effectively with parameters such as max_searches_per_cpu, acceleration.max_concurrent, allow_skew, and maxBundleSize, to name a few. Come see how we scaled to large volumes while efficiently utilizing hardware capacity for maximum performance.
Slides (PDF): https://conf.splunk.com/files/2019/slides/SEC1554.pdf?podcast=1577146215