Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do we detect fluctuations in data ingestion?

danielbb
Motivator
‎12-13-2024 10:59 AM

We fail again and again these days when we have major spikes in ingestion, primarily with HEC. What would be a good and efficient way to detect major up/down spikes in data ingestion. 

Labels (1)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎12-13-2024 04:20 PM

What you are meaning with "We fail again and again"?

What kind of environment you have? Distributed, separate HEC nodes with LB?

Basically you could create e.g. dashboard where you are looking status information from _internal & _introspection logs. You could also create alerts based on your normal and abnormal behaviour after that.

r. Ismo

Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Deprecation of Splunk Observability Kubernetes “Classic Navigator” UI starting ...

Access to Splunk Observability Kubernetes “Classic Navigator” UI will no longer be available starting January ...

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...