Getting Data In

max throughputs of forwarders

SplunkTrust
SplunkTrust

dear sirs,

I'm aware about default limitations in a lightweight forwarder (256KB), which can be increased. it’s also clear to me that this depends on a lot of points, like sources (local disk, lan mount, lan interface speed, system performance etc.) and functionality (raw, lightweight and full forwarder).

what would be the critical throughput limit, that a forwarder could handle per second/minute/hour/day (practical experience) depending on functionality?

the question is related to forwarders which could send a huge amount of data within a short time range.

regards, michael

Tags (1)
1 Solution

SplunkTrust
SplunkTrust

had a little chat with mzorzi and we came up with the conclusion, that the throughput limit for a forwarder would be the network interface.

nevertheless, the indexer would be the bottleneck here, not the forwarder.

regards

View solution in original post

SplunkTrust
SplunkTrust

had a little chat with mzorzi and we came up with the conclusion, that the throughput limit for a forwarder would be the network interface.

nevertheless, the indexer would be the bottleneck here, not the forwarder.

regards

View solution in original post