Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to set/gather Performance benchmark for splunk infrastructure

xbbj3nj
Path Finder
‎08-18-2017 02:50 AM

Assuming that Splunk is installed as per the recommended reference architecture and hardware, then based on real-world performance in other customers what are the Splunk benchmarks for the following metrics (assuming 5-10 GB data ingestion per day) 

- Latency  [i.e., how long would it take from the point an event is generated to the time it is available for searching / alerting]
- Search query response times [i.e., what would be the typical range of wait times before the search result is available]
- Data reliability [i.e., what is typically the percentage of data transmitted from source systems that is successfully indexed]
- Data integrity [i,e search results should be uniform , it should not change for the same time range when executed later]

Is there any standard numbers given offcially by splunk when their standard infra requirements is followed ?

0 Karma
Reply

adonio
Ultra Champion
‎08-18-2017 04:52 AM

here is a non complete answer.
as far as i know, there are no documented benchmarks as there are many variables. as for your points:
1. depends on how long it takes it to arrive to the indexer, network latency, other metrics, etc. you can measure it by comparing the _time field (time of event) to _indextime field (time when event was indexed)
2. Search Query, this is really depends on your search. it also depends on the load the Search Head is under.
3. Data reliability, depends how you bring data in, TCP, UDP, API call etc. check answers here regarding "how can i really know all my events are in splunk?"
4. this is very accurate, for the same time range and search query, you will recive the exact same results.
hope it helps

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...