Windows Event Collectors and Splunk Latency



I have a WEC environment, and it seems that after we get past 400 machines on the Event Collector, latency is introduced.  

In Splunk, I often see delays of 1 - 5 hours. When I put the UF on the machines, no latency at all.

The problem is that we have pushback on another agent being introduced.

The WEC machine is Server 2016, 16 GB of RAM, 4 cores.




>In Splunk, I often see delays of 1 - 5 hours. When I put the UF on the machines, no latency at all.

Are the events in that case sent directly to the Splunk indexer using UF from each machine?