Performance Tuning or Other Hints for Windows Even...

Getting Data In

We have been using WEF as our collection point for a while. We started out small but have expanded the range of events over time. We have ~5,000 hosts forwarding to a single collector.

The collector is busy, but seems to be healthy based on conventional Windows indicators.

However, we have some data loss between the centralized event and Splunk (cloud). Logs show up in the WEF collection log but never make it to the index.

First, are there any performance tuning suggestions you can offer UF on a WEF collector?

Second, can you think of any way to check on processing of a single event once it goes into the UF and heads to the indexer?

Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now! In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...