In the case of a single site cluster, default is the default entry.Ĭluster Manager URI: Full URI of Splunk cluster manager, in the format: scheme://host:port. Site: Clustering site from which indexers need to be discovered. This hides both Exclude current host IPs and the Destinations section, and displays the following fields: Toggling Indexer discovery to Yes enables automatic discovery of indexers in an indexer clustering environment. Output ID: Enter a unique name to identify this Splunk LB Destination definition. Next, click Add Destination to open a New Destination modal that provides the options below. From the resulting page's tiles or the Destinations left nav, select Splunk > Load Balanced. Or, to configure via the Routing UI, click Data > Destinations (Stream) or More > Destinations (Edge). The resulting drawer will provide the options below.
Next, click either Add Destination or (if displayed) Select Existing. From the resulting drawer's tiles, select Splunk > Load Balanced. To configure via the graphical QuickConnect UI, click Collect (Edge only). Configuring Cribl Stream to Load-Balance to Multiple Splunk Destinations įrom the top nav, click Manage, then select a Worker Group to configure. Cribl Stream is designed to block only if all endpoints are experiencing problems. If a request fails, Cribl Stream will resend the data to a different endpoint. Over the subsequent intervals, the difference becomes exponentially less pronounced, and eventually insignificant. Number of events to send to each destination A: 150 - 60 = 90 and B: 150 - 40 = 110. Number of events per each destination (weighed): 300/2 = 150 (they're equal, due to equal weight).
Total number of events: events to be dispensed + stats carried forward = 200 + 60 + 40 = 300. To determine how many events A and B will receive during this next interval, Cribl Stream will use their weights and their stats as follows: I.e., receiver A will start the interval with 60 and receiver B with 40. IntervalĪt the beginning of interval 2, the load-balancing algorithm will look back to the previous interval stats and carry half of the receiving stats forward. Let's assume that, due to various circumstances, 200 events are "balanced" as follows:Ī = 120 events and B = 80 events – a difference of 40 events and a ratio of 1.5:1. Intervalīoth A and B start this interval with 0 historical stats each. Suppose further that the load-balance stats period is set at the default 300s and – to make things easy – for each period, there are 200 events of equal size (Bytes) that need to be balanced. Suppose we have two receivers, A and B, each with weight of 1 (i.e., they are configured to receive equal amounts of data). Cribl Stream uses this data to influence the traffic sent to each destination, to ensure that differences decay over time, and that total ratios converge towards configured weights. Respective destination historical data.īy default, historical data is tracked for 300s.
Data is sent by all Worker Processes to all receivers simultaneously, and the amount sent to each receiver depends on these parameters: If FQDNs/hostnames are used as the Destination address and each resolves to, for example, 5 (unique) IPs, then each Worker Process will have its # of outbound connections = # of IPs x # of FQDNs for purposes of the SplunkLB output. How Does Load Balancing Work Ĭribl Stream will attempt to load-balance outbound data as fairly as possibly across all receivers (listed as Destinations in the GUI). Type: Streaming | TLS Support: Configurable | PQ Support: Yesįor additional details about sending to Splunk Cloud, see Splunk Cloud and BYOL Integrations.
0 kommentar(er)
