We're seeing about 50 ms. Normal range? How would we optimize this?
EDIT: Also, how do you measure HEC performance from Splunk's point of view? I don't see anything in metrics that explicitly calls out HEC. Since the end user can adjust source arbitrarily, how do you isolate HEC stats from metrics?
You can use Distributed Management Console (Version 6.5 # now calls it Monitoring Console) has 2 dashboard that provides an overview of your HEC performance across the deployment. You can enable and check performance.
Reference # https://docs.splunk.com/Documentation/Splunk/6.5.2/DMC/Inputdashboards
You can use Distributed Management Console (Version 6.5 # now calls it Monitoring Console) has 2 dashboard that provides an overview of your HEC performance across the deployment. You can enable and check performance.
Reference # https://docs.splunk.com/Documentation/Splunk/6.5.2/DMC/Inputdashboards
Old reply: Yeah, I see the HEC dashboards. But they simply say "You currently have no tokens configured" which is not correct. I don't see anything in the MC setup that references HEC.
Assuming I can get it working, this looks like a good place to start. Thanks.
