Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Server crashes when launching data integrator

vnetrebko
Explorer
‎09-25-2024 03:21 AM

Hi! Is there any way to make data retrival rate slower? Something like 1h worth of data every 1m
When we are trying to save 30D data from our elastic(about 4.4m events) server makes huge network load spike and then stops responding.

Labels (2)
Labels
0 Karma
Reply

dural_yyz
Motivator
‎09-25-2024 07:51 AM

https://docs.splunk.com/Documentation/Splunk/9.3.0/Admin/Outputsconf

There are many options available in the outputs.conf.spec sheet.  You can start setting queue and buffers but be cautious that data in queues and buffers can age out and risk no ingestion.

The other thing is try setting compression to reduce the network traffic demands but it will increase the CPU demands on source and destination so make sure that you have cycles to spare.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...