Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

When sending data with http event collector is there any throttling by default?

andyy5
New Member
‎11-21-2019 09:26 AM

Hello,

When sending data with HEC to Splunk Enterprise/Cloud, is there any throttling by default? Or is there an option to set this?
I plan on sending data every few seconds for a long period of time.

Thanks.

0 Karma
Reply

ivanreis
Builder
‎11-25-2019 07:22 PM

I did not play around the HEC for Splunk cloud. Per my research the HEC is enabled by default for your Splunk Cloud environment with a 1 MB size limit on the maximum content length.

For further information about the cloud limits and constraints, check the link below:
https://docs.splunk.com/Documentation/SplunkCloud/latest/Service/SplunkCloudservice#Service_limits_a...

If you need to increase the capacity
https://docs.splunk.com/Documentation/SplunkCloud/latest/Service/SplunkCloudservice#Subscription_exp...

For Splunk Enterprise there are two parameter that you have to play around. They are "queueSize" and "persistentQueueSize" that you have to setup at inputs.conf under http stanza like this one: [http://yourtokenname]

queueSize The maximum size of the input queue in memory. The value of this parameter is in the form [KB|MB|GB]. The default value is 500KB.

persistentQueueSize = [KB|MB|GB|TB]
* Maximum size of the persistent queue file.
* Persistent queues can help prevent loss of transient data. For information on
persistent queues and how the 'queueSize' and 'persistentQueueSize' settings
interact, search the online documentation for "persistent queues"..
* If you set this to a value other than 0, then 'persistentQueueSize' must
be larger than either the in-memory queue size (as defined by the
'queueSize' setting in inputs.conf or 'maxSize' settings in [queue] stanzas
in server.conf).
* Default: 0 (no persistent queue).

https://docs.splunk.com/Documentation/Splunk/8.0.0/Data/UseHECusingconffiles#Per-token_settings

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...