×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
tyates_ctm
Explorer
Member since: ‎07-13-2022
‎05-14-2024
Community Statistics
Posts 3
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎07-13-2022
Activity Feed
Topics I've Started
View All

Re: Why are we receiving this ingestion latency er...

by in Splunk Enterprise
‎07-26-2022 09:08 AM
‎07-26-2022 09:08 AM
TL;DR: check `server` in `[tcpout:]` in `outputs.conf` of the server (not UFs) I got this error after migrating onto bigger servers. The cause was the `server` attribute in the `[tcpout:]` stanza in `outputs.conf` on the various members of the cluster hadn't been updated. I have no idea why, but at some point over the past 5 years that same attribute on the UFs had been pointed at different DNS records, so the indexers were receiving the important data from across the estate. Hope this helps someone. ... View more

Re: Is HEC as performant as TCP?

by in Getting Data In
‎07-22-2022 02:52 AM
‎07-22-2022 02:52 AM
Thanks for the reply @richgalloway , but that doesn't answer my question at all. I am not interested in how performant HEC is in absolute terms (I'm not even sure "very" is a particularly meaningful measure of performance). Only when compared to UF to Splunk using TCP. ... View more

Is HEC as performant as TCP?

by in Getting Data In
‎07-13-2022 05:54 AM
‎07-13-2022 05:54 AM
I've had quite a good look around the internet and have been unable to find an answer to this question. This question in particular touches on it, but the performance comparison is left unanswered. We are thinking about moving away from Splunk UF to an open source solution, which will likely only support HEC. Before making this change I'd like to know any consequences on performance/resource usage on the indexers. What are the impacts on resource usage and index/search performance between UF and HEC? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎05-14-2024 06:46 AM
Karma given to
View All