InsightIDR Collector Bandwidth Utilization

Hello everyone,

I need documentation about bandwidth utilization between the InsightIDR platform and the collector.
Kindly share any valid information about bandwidth consumption between the duo.

Thanks

Hi,

The bandwidth is heavily dictated by the event sources configured on the collector, as well as the number of agents using the collector as a proxy.

One thing you can do is view Event source health monitoring for any configured event source, to see the Data Sent by the Collector (compressed data).

There is no rollup functionality to present all event source health on a single page; however, you could pivot to log search and select all logs related to the event sources from a particular collector, and run Calculate(bytes) to visualize the amount of uncompressed data that is sent to log search. It’s worth noting that the data in log search is going to be roughly 10x the amount of data sent over the wire, as it's uncompressed in log search. You can also see this distinction being made in event source health.

In this example, on the 6th of July we sent 331KB over the wire, and we parsed 20% of that data, and sent 750KB to log search. If we had parsed the data at 100% we would have sent about 3725KB to log search.

Hope this helps. Out of curiosity, what problem are you trying to solve?

David

Thanks David

I think I can draw some conclusions from your write-up.

In my case, I am advising a customer on bandwidth consumption if he subscribes to the solution.

Thanks