https://community.splunk.com/t5/Getting-Data-In/Rate-limiting-for-API-or-HTTP-Event-Collector/m-p/225914#M44145 <P>Hi Jeremiah</P> <P>We don't have anything built in to rate limit access. Using something like <A href="http://nginx.org/en/docs/http/ngx_http_limit_req_module.html">nginx</A> would be a good option.</P> Tue, 16 Aug 2016 05:27:02 GMT gblock_splunk 2016-08-16T05:27:02Z https://community.splunk.com/t5/Getting-Data-In/Rate-limiting-for-API-or-HTTP-Event-Collector/m-p/225913#M44144 <P>Has anyone tried implementing rate-limiting on either the Splunk API, UI or the HTTP Event Collector? I'm thinking either on a per-IP, user, or token basis?</P> <P>I know Splunk has built-in quotas for executing searches, but I'm thinking about the other ways you can overload a server, for example through excessive REST queries, programmatically refreshing the browser, or pushing excessive HEC events. </P> <P>Maybe via load balancer, or by using an nginx frontend?</P> Wed, 10 Aug 2016 22:06:58 GMT https://community.splunk.com/t5/Getting-Data-In/Rate-limiting-for-API-or-HTTP-Event-Collector/m-p/225913#M44144 Jeremiah 2016-08-10T22:06:58Z https://community.splunk.com/t5/Getting-Data-In/Rate-limiting-for-API-or-HTTP-Event-Collector/m-p/225914#M44145 <P>Hi Jeremiah</P> <P>We don't have anything built in to rate limit access. Using something like <A href="http://nginx.org/en/docs/http/ngx_http_limit_req_module.html">nginx</A> would be a good option.</P> Tue, 16 Aug 2016 05:27:02 GMT https://community.splunk.com/t5/Getting-Data-In/Rate-limiting-for-API-or-HTTP-Event-Collector/m-p/225914#M44145 gblock_splunk 2016-08-16T05:27:02Z