Re: Monitoring a filepath effectively

kymenope · ‎07-07-2023

I have been attempting to add a file path in data inputs as well as in the inputs.conf file as a "monitor". Each time I implement this Splunk ingestion latency spikes to over 300ms and the service becomes effectively unusable.

My intention is to monitor file additions, deletions, and modifications within a specific filepath.

Any ideas?

kymenope · ‎07-07-2023

once I enable the data input I am unable to use Splunk whatsoever due to this ingestion latency.

I have assigned the inputs a sourcetype but querying for said search type always returns no results.

inventsekar · ‎07-07-2023

maybe you should provide us more details pls..

1) the UF ... linux or win..

2) do you have HF or not

3)the indexers... is it basic single indexer or you have clusters

4)did you do any upgrades recently on the indexer(s)?!?!

5) is it regular log file data onboarding or is it scripted input or HEC or something else..

inventsekar · ‎07-07-2023

the ingestion latency of 300 milli seconds

you meant to say, the 300 MS is a huge delay? may we know what delay you are expecting? pls let us know more details about the requirements, so that we can understand it and suggest you a solution. thanks.

Best Regards,
Sekar

my youtube channel for Splunk Newbie Learnings
https://www.youtube.com/@SiemNewbies101/videos

How can I monitor a filepath effectively?

indexing performance

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector