Solved: Is it best practice to collect data from network d...

dkeck · ‎11-13-2015

Hello and good morning,

I have a heavy forwarder that takes inputs from several network drives and it's working fine so far.

The question I can't find an answer to in the Splunk docs is, is getting data from network drives best practice?

The thing is, I have performance problems. The data is indexed with a delay and I'm trying to figure out if maybe the network drives have a part in that.

Any assistance on this would be greatly appreciated. A link to a Splunk doc would be perfect.

Thank you

dkeck · ‎11-15-2015

Thank you 🙂

I found a different failure, repsonsible for the delay. Thank you very much anyway.

Several Servers in the outputs.conf where not reachable, so splunk retried all the time.

View solution in original post

dkeck · ‎11-15-2015

Thank you 🙂

I found a different failure, repsonsible for the delay. Thank you very much anyway.

Several Servers in the outputs.conf where not reachable, so splunk retried all the time.

JeffSchumacher · ‎11-13-2015

I started seeing massive delays (5+ minutes, sometimes 10) after upgrading to 6.3.0 (Also having this problem is 6.3.1). I have about 60 UNC paths that I'm monitoring.

Changing to use the Universal Forwarder on the source of the logs worked around the massive delay problem for us,

dkeck · ‎11-15-2015

I would like to except your answer..but theres not button for it...sry

Is it best practice to collect data from network drives using a heavy forwarder? I'm seeing performance issues.

Data Preparation Made Easy: SPL2 for Edge Processor

Introducing Edge Processor: Next Gen Data Transformation

Tips & Tricks When Using Ingest Actions