Solved: Re: Is it best practice to collect data from netwo...

dkeck · ‎11-13-2015

Hello and good morning,

I have a heavy forwarder that takes inputs from several network drives and it's working fine so far.

The question I can't find an answer to in the Splunk docs is, is getting data from network drives best practice?

The thing is, I have performance problems. The data is indexed with a delay and I'm trying to figure out if maybe the network drives have a part in that.

Any assistance on this would be greatly appreciated. A link to a Splunk doc would be perfect.

Thank you

dkeck · ‎11-15-2015

Thank you 🙂

I found a different failure, repsonsible for the delay. Thank you very much anyway.

Several Servers in the outputs.conf where not reachable, so splunk retried all the time.

View solution in original post

dkeck · ‎11-15-2015

Thank you 🙂

I found a different failure, repsonsible for the delay. Thank you very much anyway.

Several Servers in the outputs.conf where not reachable, so splunk retried all the time.

JeffSchumacher · ‎11-13-2015

I started seeing massive delays (5+ minutes, sometimes 10) after upgrading to 6.3.0 (Also having this problem is 6.3.1). I have about 60 UNC paths that I'm monitoring.

Changing to use the Universal Forwarder on the source of the logs worked around the massive delay problem for us,

dkeck · ‎11-15-2015

I would like to except your answer..but theres not button for it...sry

Is it best practice to collect data from network drives using a heavy forwarder? I'm seeing performance issues.

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

GA: New Data Management App in Splunk Platform

Announcing Modern Navigation: A New Era of Splunk User Experience

Join the Conversation