We are using Splunk ITSI and we are planning to improve Splunk performance, we need help in understanding how much overhead each service gives on Splunk server, So to understand this in a better way please read the scenario below
We have one platform say "App" where we have 5 servers and we need to measure performance on the basis of 3 KPI's i.e CPU Utilization, Memory Utilization & Disk Utilization, Now to measure the performance of the overall platform we need to measure the performance of each host.
So here we have two service configuration methods.
First : 1: We will create base search for the KPI's 2: We will create one service for each host having its host as an entity all 3 KPI's in it. 3: Then create one overall service for the "App" platform having Service dependencies in it where we will mention services created for all 5 hosts.
Second : 1: We will create base search for the KPI's 2: We will create one overall service for the "App" platform having its all 5 host as an entity all 3 KPI's in it.
So i want to understand here which method will more efficient and give less overhead on splunk.