Splunk Enterprise Flow data indigestion limits

hariskhan · ‎01-07-2019

Hi all,

Can some one tell about Network flows indigestion capacity of Splunk enterprise solution.Like how much flows/sec at min and max splunk can accept.

Also any suggestion on receiving flows on separate interface of hardware on which splunk is installed. I mean can a dedicated interface be used on splunk machine to receive network flows?.

hariskhan · ‎01-07-2019

Am talking about network flows not network syslogs or any device logs. That isi network moving traffic sessions data

hariskhan · ‎01-08-2019

any update please?.

hariskhan · ‎01-07-2019

I know about this doc. But this doc doesn't mention any limits on how much network flows a base machine or mid range can handle before it can overwhelm the link or machine performance.

harsmarvania57 · ‎01-07-2019

Hi,

Have look at https://docs.splunk.com/Documentation/Splunk/7.2.3/Capacity/Referencehardware#Maximum_performance_ca... , which describes that with reference hardware you can ingest how much data but this depends on many more factors like IOPS, Different custom parsing.

Splunk Enterprise Flow data indigestion limits

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!