Server Requirements (On-prem)
UXM Deployment and Scaling Overview
UXM is built to deliver reliable performance and scalability — supporting 10,000+ desktop agents and handling millions of web page requests daily.
To ensure optimal performance, we recommend deploying a Splunk Heavy Forwarder integrated with UXM, which includes NGINX and the RabbitMQ queue. This setup forwards data to Splunk Indexers through the HTTP Event Collector (HEC), ensuring efficient, real-time data ingestion.
1. Standalone Deployment
Best for:
Organizations with up to 20,000 endpoints and up to 4 concurrent data analysis users.
If your organization already uses Splunk, we recommend adding a Heavy Forwarder configured with NGINX and RabbitMQ. This helps manage data flow smoothly and prevents overloading your Search Head.
| Component | Number of Servers | CPU | Memory | Disk | Software |
|---|---|---|---|---|---|
| Data Receiving, Analysis, and Storage | 1 | 8 vCPU | 32 GB RAM | 300 GB SSD | NGINX, RabbitMQ, Splunk Search Head, Splunk Indexer |
Typical Splunk license usage: < 10 GB per day.
2. Small Distributed Deployment
Best for:
Environments with around 20,000 endpoints and more than 4 concurrent users performing data analysis.
This model separates the data collection and data analysis/storage functions, enabling better scalability and performance as your environment grows.
| Component | Number of Servers | CPU | Memory | Disk | Software |
|---|---|---|---|---|---|
| Data Collector | 1 per 20,000 endpoints | 8 vCPU | 12 GB RAM | 100 GB SSD | Splunk Heavy Forwarder, NGINX, RabbitMQ |
| Data Analysis and Storage | 1 | 16 vCPU | 64 GB RAM | 100 GB SSD + 500 GB for 1-year retention | Splunk Search Head, Splunk Indexer |
Typical Splunk license usage: 10–70 GB per day.
3. Large Distributed Deployment
Best for:
Large organizations managing up to 70,000 laptops/desktops/thin clients, 6,000 Citrix servers, and approximately 60,000 Citrix users.
This architecture ensures high reliability and performance by distributing data collection, analysis, and storage across multiple dedicated servers.
| Component | Number of Servers | CPU | Memory | Disk | Software |
|---|---|---|---|---|---|
| Data Collector | 4 (1 per 20,000 endpoints) | 16 vCPU | 16 GB RAM | 300 GB SSD | Splunk Heavy Forwarder, NGINX, RabbitMQ |
| Data Analysis | 1 | 48 vCPU | 62 GB RAM | 300 GB SSD | Splunk Search Head |
| Data Storage | 1 | 48 vCPU | 62 GB RAM | 300 GB SSD + 10 TB for 1-year retention | Splunk Indexer |
Typical Splunk license usage: ~75 GB per day.