Skip to content

Performance: HEC requests not batched, causing high load on Splunk #35

New issue
New issue
Open
Open
Performance: HEC requests not batched, causing high load on Splunk#35
@tbdev77

Description

@tbdev77
tbdev77
opened on Dec 23, 2025

The current implementation sends one HTTP request to HEC per Event Hub message:

for (const event of eventHubMessages) {
    await splunk.sendToHEC(event, ...)  // One HTTP call per event
}

Under high volume, this can overwhelm Splunk Heavy Forwarders/HEC endpoints.

Proposed Fix

Batch all events from the Event Hub trigger into a single HEC payload before sending.
HEC supports concatenated JSON events in one request.

Impact

- Reduce HTTP overhead
- Improve throughput
- Reduce load on Splunk infrastructure

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions