Measuring thruput of heavy forwarders in a dashboa...

mwdbhyat · ‎12-07-2016

Hi,

Quick question regarding metrics.log and a heavy forwarder (HF). I'm using a dashboard to measure the thruput on a few HF's and was curious if using metrics.log group=thruput name=thruput adds both input and output thruput to the final result ?

Thanks!

inventsekar · ‎12-08-2016

http://blogs.splunk.com/2008/05/15/forwarder-and-indexer-metrics/

Here’s a sample query that you can run on each indexer instance to get a report on thruput by each forwarding entity:

index=_internal metrics "group=tcpin_connections" | timechart span=30s avg(tcp_bps) by sourceHost

jlvix1 · ‎12-07-2016

Post one of your queries

koshyk · ‎12-07-2016

As per the thread : https://answers.splunk.com/answers/377028/how-to-configure-dmc-for-heavy-forwarder-monitorin.html an idea is to mark the heavyforwarder as an "indexer" in the DMC and DMC will all do it for you

Measuring thruput of heavy forwarders in a dashboard. Would using "metrics.log group=thruput name=thruput" add both input and output thruput to the final result?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Join the Conversation