Configuring Splunk HTTP Event Collector for performance
Data PlatformsLESSON LEARNED
By running those tests we have learned:
Splunk is very configurable. And some default configurations might not work in all environments. Always test higher loads on your environments, to be prepared for tomorrow. Use all the tools available for troubleshooting performance. We used EC2 monitoring tools with CloudWatch, Splunk Monitoring Console, and of course dashboards provided by our solution Monitoring Docker (OpenShift and Kubernetes). We believe that the dashboard Splunk Monitoring Console, Indexing Performance: Advanced, Splunkd Thread Activity is essential for monitoring the Indexing pipeline and Splunk HTTP Event Collector. We believe in some of the first runs, we would find it very valuable and find how important it would be to change dedicatedIOThreads for Splunk HTTP Event Collector. Monitoring Network traffic is vital to estimate the load your network can handle. Request Time between the Splunk HEC Client and the Server is a good measurement that all your pipeline behind Splunk HEC is lagging. , Lees op www.outcoldsolutions.com/blog/2021-04-21-configuring-hec-for-performance/
AI & Security Intelligence
Wekelijkse nieuwsbrief met AI updates, security alerts en compliance inzichten, direct in uw inbox.
Security & AI Operating Model
Advisory met executiekracht
Van BIO2 en NIS2 tot EU AI Act, embedded in uw operating model, niet als extern project. Maandelijks opzegbaar, met assessments als bewijsvoering.