Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Determine The Amount Of Data Forwarded By Splunk Forwarder Over Time X

tehmasp
Engager
‎10-31-2011 08:10 PM

Want to know if there is an easy way to check the amount of data a Splunk Forwarder on a box has forwarded to an Indexer over some period of time? Is this data logged somewhere? Is there a Splunk search I can do w/ a 'host' attribute and determine the amount of raw data collected over the search period? Thanks!

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

_d_
Splunk Employee
Splunk Employee
‎10-31-2011 08:15 PM

Yes, install Deployment Monitor app on Splunk Indexer and you will have access to really useful information/charts/dashboards about all your splunk instances including what you're looking for and more. If you are on Splunk 4.2.3 or later you just have to enable it (as it comes with it).
Otherwise use this link to get it: http://splunk-base.splunk.com/apps/22301/splunk-deployment-monitor

Hope this helps

> please upvote and accept answer if you find it useful - thanks!

View solution in original post

Reply
Solved! Jump to solution

tehmasp
Engager
‎10-31-2011 08:19 PM

Ah, right. I have this installed but don't use it nearly often. Thanks!

My reason for asking was to get a better idea of the amount of data forwarded by certain classes of forwarders in our environment as to better set the MaxQueueSize in outputs.conf in the event of Indexer failure.

0 Karma
Reply
Solved! Jump to solution

_d_
Splunk Employee
Splunk Employee
‎10-31-2011 08:21 PM

No problems. Please consider upvoting and accepting the answer so that other members can benefit from it. Thanks.

0 Karma
Reply
Solved! Jump to solution
Solution

_d_
Splunk Employee
Splunk Employee
‎10-31-2011 08:15 PM

Yes, install Deployment Monitor app on Splunk Indexer and you will have access to really useful information/charts/dashboards about all your splunk instances including what you're looking for and more. If you are on Splunk 4.2.3 or later you just have to enable it (as it comes with it).
Otherwise use this link to get it: http://splunk-base.splunk.com/apps/22301/splunk-deployment-monitor

Hope this helps

> please upvote and accept answer if you find it useful - thanks!

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...