Splunk Enterprise Flow data ingestion limits

hariskhan
Explorer

Hi all,

Can someone tell me about the network flow ingestion capacity of the Splunk Enterprise solution? Like how many flows/sec at min and max Splunk can accept.

Also, any suggestions on receiving flows on a separate interface of the hardware on which Splunk is installed? I mean, can a dedicated interface be used on the Splunk machine to receive network flows?

0 Karma

hariskhan
Explorer

I am talking about network flows, not network syslogs or any device logs. That is, network moving traffic sessions data.

0 Karma

hariskhan
Explorer

Any update, please?

0 Karma

hariskhan
Explorer

I know about this doc. But this doc doesn't mention any limits on how many network flows a base machine or mid-range machine can handle before it can overwhelm the link or machine performance.

0 Karma

harsmarvania57
Ultra Champion

Hi,

Have a look at https://docs.splunk.com/Documentation/Splunk/7.2.3/Capacity/Referencehardware#Maximum_performance_ca... , which describes how much data you can ingest with reference hardware, but this depends on many more factors like IOPS and different custom parsing.

0 Karma