All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Add-on for Cisco IPS: How many Cisco IPS devices/sensors can we add, and how can we find which ones are consuming more resources?

ppurokit
Path Finder
‎08-24-2015 02:27 AM

What is the max number of Cisco IPS devices/sensors we can add?
I have added 40+ devices, and system became bit slow.
Can we know which thread IPS sensor/Device thread is consuming more resources?
What is the Max log storage supported per Cisco IPS device?

0 Karma
Reply

jcoates_splunk
Splunk Employee
Splunk Employee
‎09-19-2015 01:14 PM

I would add them until collection slows down, and then add a second forwarder. We don't have several dozen Cisco IPS's, but in other API-based data collection tasks the slow-down point is somewhere between 10 and 30 devices.

I'd use a search like this to find your connections, then pipe it through transaction, then use stats. You might have to eval to find elapsed time. 

index=_internal source=*Splunk_TA_cisco-ips*
0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...