Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to set/gather Performance benchmark for splunk infrastructure

xbbj3nj
Path Finder
‎08-18-2017 02:50 AM

Assuming that Splunk is installed as per the recommended reference architecture and hardware, then based on real-world performance in other customers what are the Splunk benchmarks for the following metrics (assuming 5-10 GB data ingestion per day) 

- Latency  [i.e., how long would it take from the point an event is generated to the time it is available for searching / alerting]
- Search query response times [i.e., what would be the typical range of wait times before the search result is available]
- Data reliability [i.e., what is typically the percentage of data transmitted from source systems that is successfully indexed]
- Data integrity [i,e search results should be uniform , it should not change for the same time range when executed later]

Is there any standard numbers given offcially by splunk when their standard infra requirements is followed ?

0 Karma
Reply

adonio
Ultra Champion
‎08-18-2017 04:52 AM

here is a non complete answer.
as far as i know, there are no documented benchmarks as there are many variables. as for your points:
1. depends on how long it takes it to arrive to the indexer, network latency, other metrics, etc. you can measure it by comparing the _time field (time of event) to _indextime field (time when event was indexed)
2. Search Query, this is really depends on your search. it also depends on the load the Search Head is under.
3. Data reliability, depends how you bring data in, TCP, UDP, API call etc. check answers here regarding "how can i really know all my events are in splunk?"
4. this is very accurate, for the same time range and search query, you will recive the exact same results.
hope it helps

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...