Getting Data In

Log ingestion Via HEC - Huge log volume

vijaysri
Contributor

Hi All,

We are ingesting a huge volume of logs from fluentd to Splunk via the HEC method. Will there be any loss, as huge volumes (5GB per day) are ingested?

If yes, how to rectify it?

Is there any alternate method to ingest fluentd logs?

0 Karma

livehybrid
Contributor

Hi @vijaysri ,

What size host is your HEC receiver running? It's worth checking out https://www.splunk.com/pdfs/technical-briefs/splunk-validated-architectures.pdf to check your setup aligns with best practice; however, I would not personally consider 5GB to be a particularly large volume when it comes to Splunk HEC ingest.

0 Karma