Hi,
I am having some trouble understanding the right configuration for collecting the Logs from the Event Hub of the App "Microsoft Cloud Services".
From the documentation: Configure Event Hubs it is not clear how to set these three parameters for a Log Source that collect A LOT of logs every minute.
interval --> The number of seconds to wait before the Splunk platform runs the command again. The default is 3600 seconds.
There is a way in the _internal logs to check when the command is executed?
max_batch_size --> The maximum number of events to retrieve in one batch. The default is 300.
This is pretty clear, but can we increase this value as much as we want? I believe we encounter some performance issue on that.
max_wait_time --> The maximum interval in seconds that the event processor will wait before processing. The default is 300 seconds.
Processing what? Waiting for what?
Anyone know a configuration of values between these three fields that could optimize an Event Hub with thousands and thousands of Logs ??
