Splunk POD requirements
Ensure your environment meets these infrastructure requirements before deploying the Splunk POD cluster.
Before you deploy your Splunk POD cluster, ensure that your environment meets the following operating system, hardware, network, and storage requirements.
Operating system and system configuration
Operating system and system configuration prerequisites for Splunk POD nodes.
Ensure all nodes in the Splunk POD environment meet these requirements:
- Install Red Hat Enterprise Linux (RHEL) 9.6.
- Disable SELinux to avoid conflicts with the installer.
- Disable Transparent Huge Pages (THP) to optimize memory management for Splunk Enterprise.
- Configure Chrony to synchronize clocks across all POD servers.
For detailed system configuration instructions, see the Splunk POD CVD.
Node hardware requirements
Specific UCS hardware and disk allocation for Splunk POD node types.
Each node type requires specific UCS hardware and disk allocation to manage the Kubernetes control plane and Splunk components.
| Node type | UCS server model | Description and requirements |
|---|---|---|
| Bastion node | UCS C225 server | Primary control point for installation and agent management. Provide a minimum of 100GB free disk space for installer binaries, logs, and configuration files. |
| Control plane nodes | UCS C225 servers | Manage Kubernetes cluster operations. Assign at least 2 cores and 8GB RAM per node. Ensure each node has at least 100GB of free disk space. |
| Search head nodes | UCS C225 or C245 servers | Host the search heads. Use C225 servers for search head pods. |
| Indexer nodes | C245 servers | Host the Splunk indexers. Configure storage to satisfy 90 days of hot/warm cache retention. |
| Volume servers | C245 servers | Host the SeaweedFS volume pods for object storage. Configure storage to satisfy one year of total retention. |
For detailed hardware requirements, see the Splunk POD CVD.
Network and access requirements
Connectivity, SSH, and DNS prerequisites for Splunk POD.
The installation process requires unrestricted communication between nodes and specific access privileges.
Network connectivity: All nodes must have open network access to each other (all ports, all protocols) for communication between nodes in the same Splunk POD server rack. Nodes do not require internet access.
SSH access: Use an SSH key with full sudo privileges to allow the installer to access and configure all control and worker nodes. Specify this SSH key in the cluster configuration file. For detailed instructions about configuring SSH access, see the Splunk POD CVD.
DNS configuration: Configure forward and reverse DNS for all POD servers if you plan to use name-based routing.
Storage configuration
Storage specifications and RAID requirements for Splunk POD nodes.
Configure storage according to the following specifications for each node type:
C225 Control Plane and Bastion storage
Configure these volumes on the C225 servers to support the base operating system, the local OCI container registry, and the Splunk agent management home directory.
| Mount Point | Volume Requirements | Purpose |
|---|---|---|
| / | 2x 480GB NVMe RAID1 | Operating system |
| /data/shared | 960GB Total (RAID1) | OCI registry and deployment server home |
C225 Search Head storage
Apply these specifications to provide high-speed storage for search head services and persistent Kubernetes volumes.
| Mount Point | Volume Requirements | Purpose |
|---|---|---|
| / | > 500 GB | Operating system |
| /data/shared | 2x 960GB NVMe RAID1 | Shared storage for scheduled pods |
C245 Indexer Node Storage
Configure these volumes to satisfy hot/warm cache retention and ensure proper indexer pod placement.
| Mount Point | Volume Requirements | Purpose |
|---|---|---|
| / | 2x 480GB NVMe RAID1 | Operating system |
| /data/shared | 11x 6.4TB NVMe (RAID5) + 1x 6.4TB Hot Standby | Indexer PVCs and local bucket cache |
C245 Volume Node Storage
Configure these volumes to support the object store and ensure proper SeaweedFS volume pod placement.
| Mount Point | Volume Requirements | Purpose |
|---|---|---|
| / | 2x 480GB NVMe RAID1 | Operating system |
| /data/storage | 23x 15.3TB NVMe (RAID5) + 1x 15.3TB Hot Standby | Object store (SeaweedFS) |
RAID requirement
All nodes require pre-configured RAID1 or RAID5 arrays as specified in the Storage Configuration tables. The Kubernetes installer does not configure RAID. Configure all RAID arrays before installing the operating system. For configuration steps, see the Splunk POD CVD.