https://community.splunk.com/t5/Monitoring-Splunk/How-do-we-detect-fluctuations-in-data-ingestion/m-p/706794#M10619 <P>What you are meaning with "We fail again and again"?</P><P>What kind of environment you have? Distributed, separate HEC nodes with LB?</P><P>Basically you could create e.g. dashboard where you are looking status information from _internal &amp; _introspection logs. You could also create alerts based on your normal and abnormal behaviour after that.</P><P>r. Ismo</P> Sat, 14 Dec 2024 00:20:04 GMT isoutamo 2024-12-14T00:20:04Z https://community.splunk.com/t5/Monitoring-Splunk/How-do-we-detect-fluctuations-in-data-ingestion/m-p/706776#M10618 <P>We fail again and again these days when we have major spikes in ingestion, primarily with HEC. What would be a good and efficient way to detect major up/down spikes in data ingestion.&nbsp;</P> Fri, 13 Dec 2024 18:59:54 GMT https://community.splunk.com/t5/Monitoring-Splunk/How-do-we-detect-fluctuations-in-data-ingestion/m-p/706776#M10618 danielbb 2024-12-13T18:59:54Z https://community.splunk.com/t5/Monitoring-Splunk/How-do-we-detect-fluctuations-in-data-ingestion/m-p/706794#M10619 <P>What you are meaning with "We fail again and again"?</P><P>What kind of environment you have? Distributed, separate HEC nodes with LB?</P><P>Basically you could create e.g. dashboard where you are looking status information from _internal &amp; _introspection logs. You could also create alerts based on your normal and abnormal behaviour after that.</P><P>r. Ismo</P> Sat, 14 Dec 2024 00:20:04 GMT https://community.splunk.com/t5/Monitoring-Splunk/How-do-we-detect-fluctuations-in-data-ingestion/m-p/706794#M10619 isoutamo 2024-12-14T00:20:04Z