Deployment Architecture

Is there any data transfer rates between search head and indexers?

sarwshai
Communicator

Just wanted to know is there any bandwidth rate for splunk search head to retrieve the logs from Indexers for search-ability?
If yes how one can find it?

0 Karma

bmacias84
Champion

I dont believe there is a good way. Also their are other transfers happening such as bundle replication. Though the search below may help.

`dmc_set_index_introspection` host=your search head sourcetype=splunk_resource_usage data.search_props.sid::* | stats max(data.written_mb) as mbWritten last(_time) as _time by data.search_props.sid | bucket _time span=1m | stats sum(mbWritten) as mbWrittenBySearch by _time
0 Karma

bheemireddi
Communicator

sarwshai, Can you elaborate your question? are you experiencing any issues with search results or the rates at which you are expecting? is it slow?

0 Karma

sarwshai
Communicator

No, there isn't any issue with search results, i want to specifically know the transfer rate of logs for the scheduled searches i have in my environment, i.e i want to calculate the data transfer(bps or eps) between my search head and indexer for the scheduled searches i have.

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...