Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk Enterprise Flow data indigestion limits

hariskhan
Explorer
‎01-07-2019 12:10 AM

Hi all,

Can some one tell about Network flows indigestion capacity of Splunk enterprise solution.Like how much flows/sec at min and max splunk can accept.

Also any suggestion on receiving flows on separate interface of hardware on which splunk is installed. I mean can a dedicated interface be used on splunk machine to receive network flows?.

Tags (1)
0 Karma
Reply

hariskhan
Explorer
‎01-07-2019 09:04 AM

Am talking about network flows not network syslogs or any device logs. That isi network moving traffic sessions data

0 Karma
Reply

hariskhan
Explorer
‎01-08-2019 08:41 PM

any update please?.

0 Karma
Reply

hariskhan
Explorer
‎01-07-2019 09:00 AM

I know about this doc. But this doc doesn't mention any limits on how much network flows a base machine or mid range can handle before it can overwhelm the link or machine performance.

0 Karma
Reply

harsmarvania57
SplunkTrust
SplunkTrust
‎01-07-2019 01:26 AM

Hi,

Have look at https://docs.splunk.com/Documentation/Splunk/7.2.3/Capacity/Referencehardware#Maximum_performance_ca... , which describes that with reference hardware you can ingest how much data but this depends on many more factors like IOPS, Different custom parsing.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud | Customer Survey!

If you use Splunk Observability Cloud, we invite you to share your valuable insights with us through a brief ...

Happy CX Day, Splunk Community!

Happy CX Day, Splunk Community! CX stands for Customer Experience, and today, October 3rd, is CX Day — a ...

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

We’re excited to announce a new Splunk certification exam being released at .conf23! If you’re going to Las ...