Deployment Architecture

Is there a limit on how many concurrent connections one Splunk instance (deployment server) can have?


We have a server farm in the clouds that numbers in the thousands. But we have only one deployment manager. My question is -

whenever I do a deployment across the farm, will that crowd out other connections (e.g. from clients, forwarders, etc.)

Asked differently - is there a limit of how many concurrent connections can one Splunk instance have? If so, where is this value set or can be changed?

I googled and RTFM-ed a bit. The online doc says that in the limits.conf:
max_count = < integer >
- Maximum number of detected concurrencies.
- Defaults to 10000000

Is this it? If so I'd be so happy.

Thanks in advance

0 Karma

Splunk Employee
Splunk Employee

You might not have seen this article:
It covers much of what you're asking conceptually...

the concurrency setting you are referencing has to do with events, not connections. The Deployment Server communicates via the management port. What you will read in the doc above, is that a Deployment Server managing over 300 forwarders should be it's own instance and not activated on a search head that is busy doing other things... but you can read about it in detail on the Wiki.

With Splunk... the answer is always "YES!". It just might require more regex than you're prepared for!
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!