Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to fix error: Server is busy - HTTP Event Collector

robertlynch2020
Influencer
‎03-07-2022 10:11 AM

Hi

We are sending in Opentelemtory metrics into Splunk via HTTP Event Collector.

However, we got the following errors the other days "server is busy" . I can see the data did come in at that time, but it gets retried so that explains that.

How do I stop this from happening in the future?

Another question is what is the max throughput Splunk can take in via HTTP?

robertlynch2020_0-1646676833221.png

The below code came from the OP - Python scripts 

 

 

2022-03-04T19:41:36.125+0100    info    exporterhelper/queued_retry.go:215      Exporting failed. Will retry the request after interval.        {"kind": "exporter", "name": "splunk_hec/logs", "error": "Post \https://dell425srv:9088/services/collector\: context deadline exceeded (Client.Timeout exceeded while awaiting headers)", "interval": "5.6081835s"}

 

 

 

Thanks in advance

Rob

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎03-07-2022 10:47 AM

I would tune Splunk HEC so that it's thruput is optimized. A good read is here: https://conf.splunk.com/files/2017/slides/measuring-hec-performance-for-fun-and-profit.pdf

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎03-07-2022 10:47 AM

I would tune Splunk HEC so that it's thruput is optimized. A good read is here: https://conf.splunk.com/files/2017/slides/measuring-hec-performance-for-fun-and-profit.pdf

0 Karma
Reply
Solved! Jump to solution

robertlynch2020
Influencer
‎03-08-2022 04:45 AM

Hi

This is good information, and thanks

I will look at it and hopefully it will help me.

Another question to ask is, do you think increased HEC traffic on an non-optmised Splunk can cause Splunk to crash with "inotify cannot be used, reverting to polling: Too many open files". I am starting to get that now and the only major change is the new traffic from HEC.

 

Thanks 

Rob

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...