Solved: Re: Maximum number of stanzas on an indexer

gfuente · ‎12-11-2013

Hello

I was wondering if there is a hard limit regarding the maximun number of stanzas that can be defined in props.conf on an indexer.

In other words, is it possible to index "unlimited" number of different sourcetypes, or there is a limit.

Regards

gfuente · ‎01-16-2014

Well

It seems that nobody knowns the answer, so as Splunk is AWESOME I will give for granted that it is able to parse unlimited number of distinct sourcetypes.

PS: I want my self-learner badge!

View solution in original post

gfuente · ‎01-16-2014

Well

It seems that nobody knowns the answer, so as Splunk is AWESOME I will give for granted that it is able to parse unlimited number of distinct sourcetypes.

PS: I want my self-learner badge!

the_wolverine · ‎01-16-2014

I can't answer what the hard limit is -- probably needs to be tested and confirmed by Splunk (or some unlucky customer). However there are performance issues that can result from too many source types. I've experienced them after finding a source configured with auto-sourcetyping which basically created a new sourcetype every time the log rolled. It caused Splunk performance to go down the crapper.

Maximum number of stanzas on an indexer

Unleash Unified Security and Observability with Splunk Cloud Platform

Splunk AppDynamics with Cisco Secure Application

New Splunk Innovations Enhance Performance and Accelerate Troubleshooting