
How can I calculate size of WAN traffic between hosts?

karlbosanquet
Path Finder

I have a multisite Indexer Cluster and Search Head Cluster, and I want to identify the volume of data being replicated/sent over the WAN between each host. What would be the best way to do this?

0 Karma
1 Solution

lycollicott
Motivator

I use this to track indexer replication traffic between my two sites:

index=_internal (host=indexer*) (destIp="10.xx.xx.xx" OR destIp="10.yy.yy.yy") sourcetype=splunkd destPort=9887 
| timechart span=15m avg(tcp_KBps)


0 Karma


karlbosanquet
Path Finder

Is there a search that can be run to identify replicated data size and how often this happens? I need a volumetric profile of our WAN load.

0 Karma

rbal_splunk
Splunk Employee

The bulk of the data replication will be between indexers, and that will depend on the RF and SF and indexing rate.

0 Karma

karlbosanquet
Path Finder

Both are 2.

Indexer 1 = Site 1
Indexer 2 = Site 2
Search Head 1 = Site 1
Search Head 2 = Site 1
Search Head 3 = Site 2

0 Karma
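
As an added example (not written by any poster in this thread, and not Splunk's own code): the accepted search's 15-minute average turned into a volume estimate per host pair, in Python. It assumes the events were exported as rows carrying the `_time`, `host`, `destIp`, `destPort` and `tcp_KBps` fields the search uses; the sample rows and 192.0.2.x addresses are constructed, and volume is estimated as average rate times bucket length, which assumes samples cover each bucket evenly.

```python
from collections import defaultdict
from datetime import datetime, timezone

BUCKET_SECONDS = 15 * 60   # same as span=15m in the search
REPLICATION_PORT = 9887    # destPort the search filters on

# Constructed sample rows (not real splunkd output); documentation-range addresses.
SAMPLE_EVENTS = [
    {"_time": "2024-01-01T00:00:30", "host": "indexer1", "destIp": "192.0.2.20", "destPort": 9887, "tcp_KBps": 100.0},
    {"_time": "2024-01-01T00:05:00", "host": "indexer1", "destIp": "192.0.2.20", "destPort": 9887, "tcp_KBps": 300.0},
    {"_time": "2024-01-01T00:16:00", "host": "indexer1", "destIp": "192.0.2.20", "destPort": 9887, "tcp_KBps": 512.0},
    {"_time": "2024-01-01T00:01:00", "host": "indexer2", "destIp": "192.0.2.10", "destPort": 9887, "tcp_KBps": 50.0},
    # Different destination port: excluded, as in the search.
    {"_time": "2024-01-01T00:02:00", "host": "indexer1", "destIp": "192.0.2.20", "destPort": 9997, "tcp_KBps": 999.0},
]

def bucket_start(ts):
    """Epoch second at which the 15-minute bucket containing ts begins (ts read as UTC)."""
    epoch = int(datetime.fromisoformat(ts).replace(tzinfo=timezone.utc).timestamp())
    return epoch - epoch % BUCKET_SECONDS

def wan_profile(events, port=REPLICATION_PORT):
    """Return {(bucket_epoch, host, destIp): (avg_KBps, estimated_MB)}."""
    samples = defaultdict(list)
    for ev in events:
        if int(ev["destPort"]) != port:
            continue
        key = (bucket_start(ev["_time"]), ev["host"], ev["destIp"])
        samples[key].append(float(ev["tcp_KBps"]))
    profile = {}
    for key, rates in samples.items():
        avg = sum(rates) / len(rates)
        # Estimate: average rate held for the whole bucket, converted KB -> MB.
        profile[key] = (avg, avg * BUCKET_SECONDS / 1024)
    return profile

def totals_mb(profile):
    """Sum the estimated MB per (host, destIp) pair across all buckets."""
    totals = defaultdict(float)
    for (_, host, dest_ip), (_, est_mb) in profile.items():
        totals[(host, dest_ip)] += est_mb
    return dict(totals)

if __name__ == "__main__":
    profile = wan_profile(SAMPLE_EVENTS)
    for (start, host, dest_ip), (avg, mb) in sorted(profile.items()):
        print(f"{start} {host} -> {dest_ip}: avg {avg:.1f} KBps, ~{mb:.1f} MB")
    print(totals_mb(profile))
```

Buckets with no events do not appear in the result and contribute nothing to the totals.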