Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

I have configured my universal forwarder port through the TCP port. Will data be lost if my server is rebooted?

ankithreddy777
Contributor
‎03-07-2017 09:11 AM

I am getting data to Splunk Universal Forwarder port through the TCP port. Then the data is forwarded to indexers. What if the server is rebooted, will there be the data loss? If not, how much time can data can be in hold until the server is restarted? What factors should I consider?

0 Karma
Reply

woodcock
Esteemed Legend
‎03-07-2017 09:57 AM

Given your updated, the answer is "probably". It all depends on how Cloud Foundry handles the loss of the destination. Because you are TCP (not UDP), the sending side knows when the receiving side is gone. Whether it looks for this or not, and if it does, how it handles this, will depend on the sender. So you need to check out how Cloud Foundry handles this. Most TCP senders do have a queue to handle these situations but it usually is not very big and fills up pretty quickly.

Reply

ankithreddy777
Contributor
‎03-07-2017 10:17 AM

thanks for the reply

0 Karma
Reply

woodcock
Esteemed Legend
‎03-07-2017 09:17 AM

You have not given enough description of your topology and software in order for anyone to give you an answer that is worth anything.

0 Karma
Reply

ankithreddy777
Contributor
‎03-07-2017 09:41 AM

I am getting tcp streams of data from clould foundry. My Splunk UF is picking the data trough TCP port and forwarding it to indexers. Does data is lost if Splunk UF is rebooted? or data loss depends on the source architecture(clould foundry)?

0 Karma
Reply
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...