Getting Data In

Best practices for logging large events (SOAP requests with included Base64 encoded documents)

falkberger
New Member

We need to log all data traffic from SOAP interfaces with large requests/responses, which sometimes contain included Base64 encoded documents. The log events are up to 20 MB.
It that possible without performance impacts or should we filter the messages before they are forwarded to the indexer and send them to another storage (f.i. S3)? We need all this events in Splunk, but it would be sufficient to have references to the encoded documents.
Does anyone have experience with forwarding/logging huge events?

Our Splunk volume license wouldn't be a problem, we have a contract of about 100 GB daily für Splunk AWS.

Regards,
Falk Berger

0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!