Workload Sizing Suite Explanation of Logic

The life of this calculator is coming to an end.

The author of this sizing calculator is no longer affiliated with Splunk. And, there are alternatives available.

Please use the Splunk Calculator

It's pretty much derived from this calculator - hopefully you will have no issues.

Contact me with any questions or concerns.

It was fun to serve you in your journey towards greater value with Splunk

Enjoy and good luck!

This workload modeler uses various techniques to help SWAG an anticipated Splunk workload. Various methods are provided. These are generally based on the concept of Yield.

Yield is a derived metric that proxies the overall throughput of a particular environment. For example, if you are ingesting 1TB of data and doing a lot of search work on it then your workload is higher than if you ingest the same 1TB of data and barely search it, your workload is lower and you need less compute. In the first case, your potential Yield per Unit (SVC / vCPU) is lower and in the second case, your potential Yield per Unit is higher.

As you can see, the output (Yield) from a compute unit depends on the workload that you plan on running. This sizing tool is built on this foundation to help you model out your compute demands.

For Splunk Cloud environments the unit is SVC. In this case, this app references data retrieved from studies of our wide variety of Splunk Cloud deployments. In Splunk Cloud, we see clients get a wide ranging yield from their environment. We can see clients getting as little as 7 GB per SVC per day and we also see clients get upwards of 20 GB per SVC (or more) per day.

For customer managed environments the unit is vCPU. The app reference age old techniques of looking at GB/Day yields at various workload profiles. This is easily seen in the ranges of output from Splunk indexers - "300GB from 24 core IDX, 150GB from 24 core IDX, etc."

These are purposefully coarse approaches which are meant to help quickly estimate potential output. There are many other sizing techniques (some of which are also embedded in this page) that can help hone in on a tighter estimate. These are simply meant to be quick, generally accurate, and relatively widely accepted.