Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

buffering and flush time

pkernevez
New Member
‎08-17-2010 03:48 PM

Hi,

Will have a very variable throughput. Some time with a lot of Http request (about 100.000 per seconds during one minute) and some minutes without any request. I suppose that splunk do some buffering for dealing with high volume.

Is there a configuration parameter to configure the 'max flush time'. This time is the max amount of time that splunk will wait some new event for filling its buffer ? In other term splunk will decide to send events event the buffer is half filled.

We want to be sure that if we wait X seconds after the last message receive by our system, we don't miss some event awaiting others in any buffer.

Thanks

Tags (1)
0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎08-17-2010 04:15 PM

Splunk sends and indexes data as fast as it receives it. Buffering is only used to queue data if it is being received faster than it can be processed. Flushing is therefore continuous.

Reply

jfraiberg
Communicator
‎08-17-2010 03:58 PM

as far as I know there is no buffering going on if you are indexing a local file, it is real time. If you use a forwarder, you can have buffer settings for when the indexer goes down.

0 Karma
Reply
Get Updates on the Splunk Community!

Finding Based Detections General Availability

Overview  We’ve come a long way, folks, but here in Enterprise Security 8.4 I’m happy to announce Finding ...

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

Hands-On Learning and Technical Seminars  Sometimes, you just need to see the code. For those looking for a ...

What’s New in Splunk Observability Cloud: January Feature Highlights & Deep Dives

Splunk Observability Cloud continues to evolve, empowering engineering and operations teams with advanced ...