Solved: Can I calculate the bandwidth used for site replic...

lycollicott · ‎02-10-2016

If I use this search:

index=_internal source=*metrics.log* host="*indexer*" kbps=* | stats sum(kbps) by group,host

It tells me there are 4 groups with data:

per_host_thruput 
per_index_thruput
per_source_thruput
per_sourcetype_thruput

None of those look like they will describe the replication traffic.
is there a way to determine how much bandwidth is being used by replication?

lycollicott · ‎12-19-2016

This is what I figured out eventually.

index=_internal (host=*idnd01) (destIp="10.xx.xx.xx" OR destIp="10.yy.yy.yy") sourcetype=splunkd destPort=9887 
| timechart span=15m avg(tcp_KBps)

lycollicott · ‎12-19-2016

This is what I figured out eventually.

index=_internal (host=*idnd01) (destIp="10.xx.xx.xx" OR destIp="10.yy.yy.yy") sourcetype=splunkd destPort=9887 
| timechart span=15m avg(tcp_KBps)

slebbie_splunk · ‎03-28-2017

Hi Iycollicott, how does this search work for you?

lycollicott · ‎03-28-2017

Very well. I use it in a dashboard panel everyday.

slebbie_splunk · ‎03-28-2017

Thanks, appreciated. "upvote" 🙂

Can I calculate the bandwidth used for site replication in an indexer clustering environment?