Unmatched Performance in Splunk

The beauty of Kinney Group’s new reference design for Splunk lies in the unmatched performance provided by combining Pure Storage FlashBlade®, Splunk SmartStore, and Kinney Group’s advanced Splunk configuration tuning in a virtualized environment.

Pure Storage FlashBlade® supports file and object storage, producing a seamless integration with Splunk SmartStore. These technologies provide all-flash performance, even for data that would traditionally have been rolled into cold buckets on slower storage tiers. Kinney Group optimizations enable rapid ingest and quick searches even at high volume, and testing showed the reference design can easily ingest up to 4x the Splunk-recommended limit. That means a Splunk-recommended architecture for 500 GB of daily ingest can handle 2 TB or more. In fact, testing showed that a sustainable result of 8x the recommended limit (4 TB/day) is possible.

Optimizing Splunk for Lightning Fast Search

Kinney Group’s engineering expertise in optimizing Splunk enables users to ingest more data, more quickly. Optimization and fine-tuning of the environment yield astonishing results. Splunk searches on traditional, distributed scale-out architectures suffer significant performance degradation as data ages. As it ages, data is moved to cheaper, lower-performance storage tiers in cold buckets, significantly impacting search performance. This storage approach is especially impractical when responding to search requests related to regulatory or compliance requirements, cybersecurity, and legal discovery, all of which demand information beyond the most immediate data.

Utilizing SmartStore with FlashBlade®, however, provides all-flash performance with high bandwidth and parallelism for data operations and searches outside of the SmartStore cache. It also ensures that you can efficiently complete critical, non-repetitive tasks while supporting the bursting of SmartStore indexers. Per Splunk best practices, high search execution latency should be avoided because it can cause a cascading degradation in performance. At the highest levels of data throughput tested in the validation of this design, disk latency never exceeded 2 ms, and Input/Output Operations Per Second (IOPS) remained flat.

Optimizing Splunk for Lightning Fast Security Workloads

Using Splunk Enterprise Security (ES) “off the shelf,” there are a number of inefficiencies in search configuration. Splunk will often skip scheduled searches, postponing or rescheduling them, as a result of high latency that it is not able to overcome. In the testing and validation of this Reference Design, Kinney Group was able to tune ES to avoid skipped searches while maintaining the level of searches in the environment. This was accomplished, in part, by updating the timing of searches and increasing search slots in the software. (See the “Enterprise Security Tuning” section of this document for details.)

The net result is an environment with such precise software tuning and hardware engineering that you’ll imagine the sound of a perfect Formula-1 racing engine every time you walk by your server room.

Enabling Data Security without Hindering Performance

In a traditional Splunk environment, enabling data security introduces various considerations that significantly impact performance. Pure Storage FlashBlade® supports native data encryption while still maintaining incredible single chassis performance of 1.5 million IOPS and 15 gigabytes per second (GB/s) of throughput at consistently low latency.

We hate to say “faster, better, cheaper,” but…

We know how tired the “faster, better, cheaper” trope is, but the reality simply can’t be avoided. This unmatched performance doesn’t come with the soul-crushing price tag you’d expect. Rather, we’ve engineered a solution that allows you to reduce footprint and impact the total cost of ownership (TCO) in a way that demands further inspection — you’ll save on capital expenses, operating expenses, and who knows how much on aspirin.

Modernize Your Splunk Environment

We gave you a taste of the power backing the reference design model and how it can modernize your Splunk environment. Now, it’s time to download your copy and access the full document instantly. Within the reference design, we’ll dig deeper into the 3 Key Benefits of utilizing the reference design in modernizing your Splunk operations and dive into the technology supporting the findings. Download your copy of the white paper here.
