Configuring Splunk HTTP Event Collector for performance

LESSON LEARNED

By running those tests we have learned:

Splunk is very configurable. And some default configurations might not work in all environments. Always test higher loads on your environments, to be prepared for tomorrow. Use all the tools available for troubleshooting performance. We used EC2 monitoring tools with CloudWatch, Splunk Monitoring Console, and of course dashboards provided by our solution Monitoring Docker (OpenShift and Kubernetes). We believe that the dashboard Splunk Monitoring Console – Indexing Performance: Advanced – Splunkd Thread Activity is essential for monitoring the Indexing pipeline and Splunk HTTP Event Collector. We believe in some of the first runs, we would find it very valuable and find how important it would be to change dedicatedIOThreads for Splunk HTTP Event Collector. Monitoring Network traffic is vital to estimate the load your network can handle. Request Time between the Splunk HEC Client and the Server is a good measurement that all your pipeline behind Splunk HEC is lagging. — Lees op www.outcoldsolutions.com/blog/2021-04-21-configuring-hec-for-performance/