Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I calculate size of WAN traffic between hosts?

karlbosanquet
Path Finder
‎01-18-2017 01:31 PM

I have a multisite Indexer Cluster and Search Head Cluster and I want to identify what is the volume of data being replicated/sent over the WAN between each host, what would be the best way to do this?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

lycollicott
Motivator
‎01-19-2017 10:17 AM

I use this to track indexer replication traffic between my two sites:

index=_internal (host=indexer*) (destIp="10.xx.xx.xx" OR destIp="10.yy.yy.yy") sourcetype=splunkd destPort=9887 
| timechart span=15m avg(tcp_KBps)

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

lycollicott
Motivator
‎01-19-2017 10:17 AM

I use this to track indexer replication traffic between my two sites:

index=_internal (host=indexer*) (destIp="10.xx.xx.xx" OR destIp="10.yy.yy.yy") sourcetype=splunkd destPort=9887 
| timechart span=15m avg(tcp_KBps)
0 Karma
Reply
Solved! Jump to solution

karlbosanquet
Path Finder
‎01-18-2017 11:01 PM

Is there a search that can be run to identify replicated data size and how often this happens? I need a volumetric profile of our WAN load.

0 Karma
Reply
Solved! Jump to solution

rbal_splunk
Splunk Employee
Splunk Employee
‎01-18-2017 01:41 PM

Bulk of the data replication will be between indexer's and that will depend on the RF and SF and indexing rate

0 Karma
Reply
Solved! Jump to solution

karlbosanquet
Path Finder
‎01-18-2017 01:55 PM

both are 2.

Indexer 1 = Site 1
Indexer 2 = Site 2
Search Head 1 = Site 1
Search Head 2 = Site 1
Search Head 3 = Site 2

0 Karma
Reply
Get Updates on the Splunk Community!

Good Sourcetype Naming

When it comes to getting data in, one of the earliest decisions made is what to use as a sourcetype. Often, ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Splunk App for Anomaly Detection End of Life Announcement

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...