- Find Answers
- :
- Splunk Administration
- :
- Monitoring Splunk
- :
- Re: Is it possible to configure HTTP Event Collect...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I wrote a simple test to push logs to Splunk through the Http Event Collector, directly using .NET webclient. The code simply loops and pushes a web request to the collector on the Splunk instance running on my local machine.
Running this test, I'm finding that I cannot get logs into Splunk any faster than a single log line per second. The code is very simple, so I'm sure that there aren't any delays on the client side. What I'm seeing is that it usually takes up to a full second for Splunk to respond with the "OK" response. I'm concerned this will become a performance bottleneck for my application.
I'm wondering if this is the approximate expected response time per request. It almost seems like this is being intentionally throttled. If it is, is this configurable?
I understand higher performance can be achieved by batching requests, or by spawning mutliple clients and issuing these requests in parallel. I want to know however what is the throughput limit that can be achieved on a per thread basis without batching. Any insight that can be provided would be appreciated.
Thanks!
Richard
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I figured out the problem. I had my test running through Fiddler, which was forcing it to renegotiate the SSL handshake for every request. Once I routed the test directly the response times were much better – 2ms or better.
Thanks,
Richard
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I figured out the problem. I had my test running through Fiddler, which was forcing it to renegotiate the SSL handshake for every request. Once I routed the test directly the response times were much better – 2ms or better.
Thanks,
Richard
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just an additional note: I measured the time each call takes to send and receive a response, and they seem to take approx. 1.35 seconds each. This is much slower than I would have expected. Is this normal?
New Case Study Shows the Value of Partnering with Splunk Academic Alliance
How to Monitor Google Kubernetes Engine (GKE)
Index This | How can you make 45 using only 4?
