Cisco Blogs
Share

Cisco UCS Integrated Infrastructure for Big Data with Splunk Enterprise


November 18, 2014 - 0 Comments

The Cisco UCS Integrated Infrastructure for Big Data is the third generation of Cisco UCS Common Platform Architecture (CPA) for Big Data with significant improvements in performance and capacity. The solution has been widely adopted across major sectors including agriculture, education, entertainment, finance, healthcare, manufacturing and governments.

Today I’m pleased to announce that we are expanding our Cisco Integrated Infrastructure for Big Data portfolio to include joint reference architectures with Splunk. Splunk helps organizations unlock the value hidden within massive volumes of machine data generated by websites, applications, servers, networks, mobile devices and all the sensors and RFID assets that produce data every second of every day. Many organizations rely on Splunk for real-time end-to-end operational visibility and security intelligence, and as a result index terabytes of data every day across physical, virtual and cloud environments. A high performance, highly scalable, enterprise class infrastructure is critical.

Cisco has worked closely with Splunk to deliver a comprehensive solution with Splunk Enterprise that supports the massive scalability Splunk Enterprise deployments demand while delivering exceptional performance that dramatically exceeds Splunk reference hardware. See table 1. In short: Deploying Splunk Enterprise on UCS-based architectures enables organizations to improve performance up to 25x or index more than a TB/day with a 1 year retention policy.

Optimized for high performance or high data retention the solution is available in single instance (ideal for small-medium deployments) and scale-out cluster (designed for large scale deployments with data replication for redundancy).

High performance option: The single instance solution is based on UCS C220 M4 Server supports up to 250 GB* of indexing capacity per day with 1-month* data retention. The scale-out cluster solution consists of sixteen UCS C220 M4 Server (indexers), five UCS 220 M4 Servers (three search heads, two administration and master nodes) supports up to 8TB* of indexing capacity per day with a 16 day* data retention. Ideal for security, operations, and business intelligence use cases that require extremely fast response times for multiple concurrent searches.

High data retention option: The single instance solution is based on UCS C240 M4 Server supporting a 1 year retention period at 80GB per day Indexing capacity. The scale-out cluster consists of sixteen UCS C240 M4 Server (indexers), five UCS 220 M4 Servers (three search heads, two administration and master nodes) with a 1 year retention period at 1.25TB per day Indexing capacity. This solution is ideal for applications requiring a balance of performance with a long data retention period.

Table 1: Performance benchmark data on Cisco UCS High Retention Single Instance Architecture

Searching (No indexing load) – Average Searches Per Minute (4-64)
Search Type

Cisco UCS High Retention Single Instance Architecture

Performance Gains relative to Splunk Reference HW**

Dense Searches(1 in every 100 events)

68

2.13 x

Rare Searches(1 in every 1M events)

51

25.5 x

Very Rare Searches(1 in every 100M events)

168

16.8 x

Searching and Indexing – Average Searches Per Minute (4-64)
Search Type

Cisco UCS High Retention Single Instance Architecture

Performance Gains Relative to Splunk Reference HW**

Dense Searches(1 in every 100 events)

31

1.1 x

Rare Searches(1 in every 1M events)

15

15 x

Very Rare Searches(1 in every 100M events)

67

9.6 x

Together, Cisco and Splunk are helping organizations break down internal silos and harness big data to deepen business and customer understanding, mitigate cybersecurity risk, prevent fraud, improve service performance and reduce cost.

* Indexing capacity and data retention are inversely related, and a smaller indexing volume enables a greater retention capacity.
** Based on reference hardware specs outlined in the Splunk Capacity Planning Manual.

Additional Information
Cisco UCS Integrated Infrastructure for Big Data with Splunk Enterprise

 

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.