New reports:

- `IndexerLevel - events per second benchmark`
- `IndexerLevel - savedsearches by indexer execution time`
- `SearchHeadLevel - indexes per savedsearch`
- `SearchHeadLevel - macros in use`
- `SearchHeadLevel - Indexes for savedsearch without subsearches`
- `SearchHeadLevel - platform_stats.remote_searches metrics populating search 24 hour`

Updated alerts:
- `AllSplunkEnterpriseLevel - Splunkd Log Messages Admins Only` - updated criteria
- `IndexerLevel - RemoteSearches find datamodel acceleration with wildcards` - updated regex
- `MonitoringConsole - one or more servers require configuration` - changed criteria
- `MonitoringConsole - one or more servers require configuration automated` - rewrote the alert
- `SearchHeadLevel - Indexer Peer Connection Failures` - updated comments
- `SearchHeadLevel - Detect searches hitting corrupt buckets` - updated comments
- `SearchHeadLevel - Users with auto-finalized searches` - updated comments
- `SearchHeadLevel - splunk_search_messages dispatch` - updated comments
- `SearchHeadLevel - Lookups within savedsearches` - corrected URL
- `SearchHeadLevel - Sourcetypes usage from search telemetry data` - description update
- `SearchHeadLevel - Jobs endpoint example` - updated description
- `SearchHeadLevel - SmartStore cache misses - dashboards` - minor update to regex
- `SearchHeadLevel - SmartStore cache misses - combined` - minor update to regex
- `SearchHeadLevel - Search Messages field extractor slow` - updated comments
- `SearchHeadLevel - Search Messages user level` - updated comments
- `SearchHeadLevel - Search Messages admins only` - updated criteria and comments

Updated reports:
- `IndexerLevel - RemoteSearches - lookup usage` - typo fixed in description
- `IndexerLevel - Report on bucket corruption` - updated comments
- `SearchHeadLevel - summary indexing searches not using durable search` - corrected REST context
- `SearchHeadLevel - Lookups within savedsearches` - corrected REST context
- `SearchHeadLevel - platform_stats.audit metrics users` - added v2/v1 endpoints for search/jobs/export
- `SearchHeadLevel - platform_stats.audit metrics api` - added v2/v1 endpoints for search/jobs/export
- `SearchHeadLevel - platform_stats.audit metrics users 24hour` - added v2/v1 endpoints for search/jobs/export

Updated to use macro `splunkadmins_clustermaster_host` instead of splunk_server=local:
- `ClusterMasterLevel - Primary bucket count per peer`
- `ClusterMasterLevel - excess buckets on master`
- `IndexerLevel - ClusterMaster Advising SearchOrRep Factor Not Met`

Updated to use macro `splunkadmins_restmacro` instead of splunk_server=local:
- `IndexerLevel - Indexer replication queue issues to some peers`
- `SearchHeadLevel - Alerts that have not fired an action in X days`
- `SearchHeadLevel - Accelerated DataModels Access Info`
- `SearchHeadLevel - Accelerated DataModels with wildcard or no index specified`
- `SearchHeadLevel - authorize.conf settings will prevent some users from appearing in the UI`
- `SearchHeadLevel - Data Model Acceleration Completion Status`
- `SearchHeadLevel - DataModel Fields`
- `SearchHeadLevel - Dashboard refresh intervals`
- `SearchHeadLevel - Dashboards using depends and running searches in the background`
- `SearchHeadLevel - Dashboards using special characters`
- `SearchHeadLevel - Dashboards with all time searches set`
- `SearchHeadLevel - Dashboards that may benefit from base or post-process searches`
- `SearchHeadLevel - DataModels report`
- `SearchHeadLevel - Disabled modular inputs are running`
- `SearchHeadLevel - Detect changes to knowledge objects non-directory`
- `SearchHeadLevel - EventTypes report`
- `SearchHeadLevel - Index access list by user`
- `SearchHeadLevel - IndexesPerUser Report`
- `SearchHeadLevel - Knowledge bundle status on indexers`
- `SearchHeadLevel - Lookup file owners`
- `SearchHeadLevel - Lookup CSV size`
- `SearchHeadLevel - Macro report`
- `SearchHeadLevel - platform_stats.users savedsearches`
- `SearchHeadLevel - platform_stats.users dashboards`
- `SearchHeadLevel - Saved Searches with privileged owners and excessive write perms`
- `SearchHeadLevel - Summary searches using realtime search scheduling`
- `SearchHeadLevel - SavedSearches using special characters`
- `SearchHeadLevel - Splunk alert actions exceeding the max_action_results limit`
- `SearchHeadLevel - summary indexing searches not using durable search`
- `SearchHeadLevel - Tags report`

Other macro updates:
- `DeploymentServer - Count by application`

Author: gjanders

README.md

@@ -203,6 +203,7 @@ The below list of alerts and reports are actively used since version 8.0.x and i
 - `IndexerLevel - Connection errors to SmartStore`
 - `IndexerLevel - ClusterMaster Advising SearchOrRep Factor Not Met`
 - `IndexerLevel - Data parsing error`
+- `IndexerLevel - events per second benchmark`
 - `IndexerLevel - IndexConfig Warnings from Splunk indexers`
 - `IndexerLevel - Indexer Queues May Have Issues`
 - `IndexerLevel - Indexer replication queue issues to some peers`
@@ -247,13 +248,15 @@ The below list of alerts and reports are actively used since version 8.0.x and i
 - `SearchHeadLevel - Lookup file owners`
 - `SearchHeadLevel - Lookups within dashboards`
 - `SearchHeadLevel - Lookups within savedsearches`
+- `SearchHeadLevel - macros in use`
 - `SearchHeadLevel - Peer timeouts or authentication issues`
 - `SearchHeadLevel - platform_stats access summary`
 - `SearchHeadLevel - platform_stats.audit metrics api`
 - `SearchHeadLevel - platform_stats.audit metrics searches`
 - `SearchHeadLevel - platform_stats.audit metrics users`
 - `SearchHeadLevel - platform_stats.audit metrics users 24hour`
 - `SearchHeadLevel - platform_stats.remote_searches metrics populating search`
+- `SearchHeadLevel - platform_stats.remote_searches metrics populating search 24 hour`
 - `SearchHeadLevel - platform_stats.user_stats.introspection metrics populating search`
 - `SearchHeadLevel - platform_stats.users dashboards`
 - `SearchHeadLevel - platform_stats.users savedsearches`
@@ -278,7 +281,7 @@ The below list of alerts and reports are actively used since version 8.0.x and i
 Some CSV lookups are now replaced with kvstore entries due to the ability to sync the kvstore across multiple search head or search head cluster(s) via apps like [KV Store Tools Redux](https://splunkbase.splunk.com/app/5328/)
 
 ## platform_stats reports
-There are a number of reports with the keyword "platform_stats" in the title, these were designed to run mcollect commands and to collect data into a metric index
+There are a number of reports with the keyword "platform_stats" in the title, these were designed to run mcollect commands (or to use summary indexing and durable search) to collect data into a metrics index
 The metrics then contain detailed information around the number of users using Splunk per-search head cluster, data indexed at the indexing tier, resource usage per user et cetera.
 There is plenty of detail in here but dashboards were not included for the information built from them, contributions welcome
 
@@ -325,6 +328,83 @@ The following ideas relate to this issue:
 Feel free to open an issue on github or use the contact author on the SplunkBase link and I will try to get back to you when possible, thanks!
 
 ## Release Notes
+### 3.0.13
+New reports:
+- `IndexerLevel - events per second benchmark`
+- `IndexerLevel - savedsearches by indexer execution time`
+- `SearchHeadLevel - indexes per savedsearch`
+- `SearchHeadLevel - macros in use`
+- `SearchHeadLevel - Indexes for savedsearch without subsearches`
+- `SearchHeadLevel - platform_stats.remote_searches metrics populating search 24 hour`
+
+Updated alerts:
+- `AllSplunkEnterpriseLevel - Splunkd Log Messages Admins Only` - updated criteria
+- `IndexerLevel - RemoteSearches find datamodel acceleration with wildcards` - updated regex
+- `MonitoringConsole - one or more servers require configuration` - changed criteria
+- `MonitoringConsole - one or more servers require configuration automated` - rewrote the alert
+- `SearchHeadLevel - Indexer Peer Connection Failures` - updated comments
+- `SearchHeadLevel - Detect searches hitting corrupt buckets` - updated comments
+- `SearchHeadLevel - Users with auto-finalized searches` - updated comments
+- `SearchHeadLevel - splunk_search_messages dispatch` - updated comments
+- `SearchHeadLevel - Lookups within savedsearches` - corrected URL
+- `SearchHeadLevel - Sourcetypes usage from search telemetry data` - description update
+- `SearchHeadLevel - Jobs endpoint example` - updated description
+- `SearchHeadLevel - SmartStore cache misses - dashboards` - minor update to regex
+- `SearchHeadLevel - SmartStore cache misses - combined` - minor update to regex
+- `SearchHeadLevel - Search Messages field extractor slow` - updated comments
+- `SearchHeadLevel - Search Messages user level` - updated comments
+- `SearchHeadLevel - Search Messages admins only` - updated criteria and comments
+
+
+Updated reports:
+- `IndexerLevel - RemoteSearches - lookup usage` - typo fixed in description
+- `IndexerLevel - Report on bucket corruption` - updated comments
+- `SearchHeadLevel - summary indexing searches not using durable search` - corrected REST context
+- `SearchHeadLevel - Lookups within savedsearches` - corrected REST context
+- `SearchHeadLevel - platform_stats.audit metrics users` - added v2/v1 endpoints for search/jobs/export
+- `SearchHeadLevel - platform_stats.audit metrics api` - added v2/v1 endpoints for search/jobs/export
+- `SearchHeadLevel - platform_stats.audit metrics users 24hour` - added v2/v1 endpoints for search/jobs/export
+
+Updated to use macro `splunkadmins_clustermaster_host` instead of splunk_server=local:
+- `ClusterMasterLevel - Primary bucket count per peer`
+- `ClusterMasterLevel - excess buckets on master`
+- `IndexerLevel - ClusterMaster Advising SearchOrRep Factor Not Met`
+
+Updated to use macro `splunkadmins_restmacro` instead of splunk_server=local:
+- `IndexerLevel - Indexer replication queue issues to some peers`
+- `SearchHeadLevel - Alerts that have not fired an action in X days`
+- `SearchHeadLevel - Accelerated DataModels Access Info`
+- `SearchHeadLevel - Accelerated DataModels with wildcard or no index specified`
+- `SearchHeadLevel - authorize.conf settings will prevent some users from appearing in the UI`
+- `SearchHeadLevel - Data Model Acceleration Completion Status`
+- `SearchHeadLevel - DataModel Fields`
+- `SearchHeadLevel - Dashboard refresh intervals`
+- `SearchHeadLevel - Dashboards using depends and running searches in the background`
+- `SearchHeadLevel - Dashboards using special characters`
+- `SearchHeadLevel - Dashboards with all time searches set`
+- `SearchHeadLevel - Dashboards that may benefit from base or post-process searches`
+- `SearchHeadLevel - DataModels report`
+- `SearchHeadLevel - Disabled modular inputs are running`
+- `SearchHeadLevel - Detect changes to knowledge objects non-directory`
+- `SearchHeadLevel - EventTypes report`
+- `SearchHeadLevel - Index access list by user`
+- `SearchHeadLevel - IndexesPerUser Report`
+- `SearchHeadLevel - Knowledge bundle status on indexers`
+- `SearchHeadLevel - Lookup file owners`
+- `SearchHeadLevel - Lookup CSV size`
+- `SearchHeadLevel - Macro report`
+- `SearchHeadLevel - platform_stats.users savedsearches`
+- `SearchHeadLevel - platform_stats.users dashboards`
+- `SearchHeadLevel - Saved Searches with privileged owners and excessive write perms`
+- `SearchHeadLevel - Summary searches using realtime search scheduling`
+- `SearchHeadLevel - SavedSearches using special characters`
+- `SearchHeadLevel - Splunk alert actions exceeding the max_action_results limit`
+- `SearchHeadLevel - summary indexing searches not using durable search`
+- `SearchHeadLevel - Tags report`
+
+Other macro updates:
+- `DeploymentServer - Count by application`
+
 ### 3.0.12
 New alerts:
 - `MonitoringConsole - one or more servers require configuration`
@@ -540,10 +620,12 @@ New reports:
 - `SearchHeadLevel - Searches by search type`
 
 Updated macros:
+- `search_type_from_sid`
 - `splunkadmins_splunkd_source`
 - `splunkadmins_splunkuf_source`
 - `splunkadmins_mongo_source`
 - `splunkadmins_license_usage_source`
+- `splunkadmins_deploymentserver_splunkserver`
 
 To include a trailing wildcard (so splunkd.log.1 matches or similar)
 

default/app.conf

@@ -14,7 +14,7 @@ supported_themes = light,dark
 [launcher]
 author = Gareth Anderson
 description = Alerts and dashboards as described in the Splunk 2017 conf presentation How did you get so big?
-version = 3.0.12
+version = 3.0.13
 
 [package]
 id = SplunkAdmins

default/data/ui/nav/default.xml

@@ -141,7 +141,7 @@
 		    <view name="splunk_forwarder_output_tuning" />
 		    <view name="splunk_forwarder_data_balance_tuning" />
 		    <view name="splunk_introspection_io_stats" />
-		    <a href="/app/SplunkAdmins/alert?s=%2FservicesNS%2Fnobody%2FSplunkAdmins%2Fsaved%2Fsearches%2FForwarderLevel%20-%20Channel%20churn%20issues">Channel churn issues</a>
+		    <a href="/app/SplunkAdmins/alert?s=%2FservicesNS%2Fnobody%2FSplunkAdmins%2Fsaved%2Fsearches%2FForwarderLevel%20-%20Channel%20churn%20issues">Channel churn issues</a>			
 		</collection>
                 <collection label="syslog-ng">
 			<saved name="syslog-ng - cache statistics summary" />
@@ -222,7 +222,10 @@
 				<saved name="IndexerLevel - Knowledge bundle upload stats" />
 				<saved name="SearchHeadLevel - Knowledge bundle replication times metrics.log" />							
 	                        <saved name="SearchHeadLevel - Search Messages field extractor slow" />
-				<saved name="IndexerLevel - IndexWriter pause duration" />				
+				<saved name="IndexerLevel - IndexWriter pause duration" />
+				<saved name="IndexerLevel - events per second benchmark" />
+				<saved name="IndexerLevel - savedsearches by indexer execution time" />
+				<saved name="SearchHeadLevel - Indexes for savedsearch without subsearches" />
 			</collection>
 			<collection label="SmartStore">
 				<saved name="SearchHeadLevel - SmartStore cache misses - savedsearches" />
@@ -267,9 +270,10 @@
 		    <saved name="SearchHeadLevel - platform_stats.audit metrics users 24hour" />
 		    <saved name="SearchHeadLevel - platform_stats.users dashboards" />
 		    <saved name="SearchHeadLevel - platform_stats.users savedsearches" />
-                    <saved name="SearchHeadLevel - platform_stats.user_stats.introspection metrics populating search" />
+                    <saved name="SearchHeadLevel - platform_stats.user_stats.introspection metrics populating search" />			
                     <saved name="SearchHeadLevel - platform_stats access summary" />
 		    <saved name="SearchHeadLevel - platform_stats.remote_searches metrics populating search" />
+		    <saved name="SearchHeadLevel - platform_stats.remote_searches metrics populating search 24 hour" />
 		    <saved name="SearchHeadLevel - audit.log - lookup usage" />
 		    <saved name="SearchHeadLevel - Lookup Editor lookup updates" />
                     <saved name="IndexerLevel - platform_stats.counters hosts" />
@@ -294,6 +298,8 @@
 			<saved name="SearchHeadLevel - audit.log - lookup usage" />
 			<saved name="SearchHeadLevel - Detect lookups that have not being accessed for a period of time" />
 			<saved name="SearchHeadLevel - Lookup Editor lookup updates" />
+			<saved name="SearchHeadLevel - indexes per savedsearch" />
+			<saved name="SearchHeadLevel - macros in use" />
 			<saved name="SearchHeadLevel - Search Queries Per Day Audit Logs" />
                         <saved name="SearchHeadLevel - Search Queries By Type Audit Logs" />         
                         <saved name="SearchHeadLevel - Search Queries By Type Audit Logs macro version" />                   
@@ -317,6 +323,7 @@
                         <saved name="IndexerLevel - RemoteSearches Indexes Stats" />
                         <saved name="IndexerLevel - RemoteSearches Indexes Stats Wilcard" />			
 			<saved name="IndexerLevel - RemoteSearches - lookup usage" />
+			<saved name="IndexerLevel - events per second benchmark" />
 		</collection>      
 		<collection label="Data Models">				
 			<saved name="SearchHeadLevel - Data Model Acceleration Completion Status" />
@@ -442,6 +449,8 @@
                         <saved name="SearchHeadLevel - Detect changes to knowledge objects directory" />
                         <saved name="SearchHeadLevel - Detect changes to knowledge objects non-directory" />
 			<saved name="SearchHeadLevel - Lookup updates within SHC" />
+			<saved name="SearchHeadLevel - indexes per savedsearch" />
+			<saved name="SearchHeadLevel - macros in use" />
                         <saved name="SearchHeadLevel - SHC conf log summary" />
 			<saved name="SearchHeadLevel - Searches dispatched as owner by other users" />
 			<saved name="SearchHeadLevel - Lookup CSV size" />
@@ -470,11 +479,16 @@
 			<saved name="SearchHeadLevel - Knowledge Bundle contents" />
 			<saved name="SearchHeadLevel - license usage per sourcetype per index" />
 			<saved name="syslog-ng - cache statistics summary" />
+			<saved name="IndexerLevel - events per second benchmark" />
+			<saved name="IndexerLevel - savedsearches by indexer execution time" />
+			<saved name="SearchHeadLevel - Indexes for savedsearch without subsearches" />
 		</collection>	
 		<collection label="Summary_Reports">
 			<saved name="SearchHeadLevel - audit.log - lookup usage" />
 			<saved name="SearchHeadLevel - Lookup Editor lookup updates" />
 			<saved name="SearchHeadLevel - license usage per sourcetype per index" />
+			<saved name="SearchHeadLevel - indexes per savedsearch" />
+			<saved name="SearchHeadLevel - macros in use" />
         		<saved name="SearchHeadLevel - platform_stats.audit metrics searches" />
 	                <saved name="SearchHeadLevel - platform_stats.audit metrics users" />
                         <saved name="SearchHeadLevel - platform_stats.audit metrics users 24hour" />
@@ -483,7 +497,8 @@
      			<saved name="SearchHeadLevel - platform_stats.audit metrics api" />			
                         <saved name="SearchHeadLevel - platform_stats.user_stats.introspection metrics populating search" />
                         <saved name="SearchHeadLevel - platform_stats access summary" />
-			<saved name="SearchHeadLevel - platform_stats.remote_searches metrics populating search" />			
+			<saved name="SearchHeadLevel - platform_stats.remote_searches metrics populating search" />
+			<saved name="SearchHeadLevel - platform_stats.remote_searches metrics populating search 24 hour" />
 			<saved name="IndexerLevel - platform_stats.counters hosts" />
 			<saved name="IndexerLevel - platform_stats.counters hosts 24hour" />
 			<saved name="IndexerLevel - platform_stats.indexers totalgb measurement" />
@@ -525,6 +540,9 @@
         <collection label="Summary_Reports">
 		<saved name="SearchHeadLevel - audit.log - lookup usage" />
 		<saved name="SearchHeadLevel - Lookup Editor lookup updates" />
+		<saved name="SearchHeadLevel - license usage per sourcetype per index" />
+		<saved name="SearchHeadLevel - indexes per savedsearch" />
+		<saved name="SearchHeadLevel - macros in use" />
 		<saved name="SearchHeadLevel - platform_stats.audit metrics searches" />
                 <saved name="SearchHeadLevel - platform_stats.audit metrics users" />
                 <saved name="SearchHeadLevel - platform_stats.audit metrics api" />
@@ -534,6 +552,7 @@
                 <saved name="SearchHeadLevel - platform_stats.user_stats.introspection metrics populating search" />
                 <saved name="SearchHeadLevel - platform_stats access summary" />
 		<saved name="SearchHeadLevel - platform_stats.remote_searches metrics populating search" />
+		<saved name="SearchHeadLevel - platform_stats.remote_searches metrics populating search 24 hour" />
                 <saved name="IndexerLevel - platform_stats.counters hosts" />
                 <saved name="IndexerLevel - platform_stats.counters hosts 24hour" />
                 <saved name="IndexerLevel - platform_stats.indexers totalgb measurement" />

default/data/ui/views/detect_excessive_search_use.xml

@@ -60,7 +60,7 @@
       <table>
         <title>Note: cluster command in use, introspection data may better list all dashboards in use</title>
         <search>
-          <query>index=_internal (sourcetype=splunkd_access (method="GET" AND "/services/search/jobs/export") OR method="POST") OR (sourcetype=splunkd_ui_access method=POST "/report?" OR "/search?" OR "/search/jobs" OR "/saved/searches" NOT "/search/parser HTTP" NOT "/user-prefs/data/user-prefs/") OR (sourcetype=splunkd_ui_access method=GET "/app/" NOT "/search HTTP" NOT "/dashboards HTTP" NOT "/alerts HTTP" NOT "/reports HTTP") user IN ($username$)
+		<query>index=_internal (sourcetype=splunkd_access (method="GET" AND "/services/search/jobs/export") OR method="POST") OR (sourcetype=splunkd_ui_access method=POST "/report?" OR "/search?" OR "/search/jobs" OR "/servicesNS/*/*/search/jobs" OR "/saved/searches" NOT "/search/parser HTTP" NOT "/user-prefs/data/user-prefs/") OR (sourcetype=splunkd_ui_access method=GET "/app/" NOT "/search HTTP" NOT "/dashboards HTTP" NOT "/alerts HTTP" NOT "/reports HTTP") user IN ($username$)
 | cluster t=0.95 showcount=true
 | rex field=uri "/servicesNS/[^/]+/(?P&lt;app&gt;[^/]+)"
 | rex field=uri "/[^/]+/app/(?P&lt;app&gt;[^/]+)/(?P&lt;dashboard_name&gt;[^/\?]+)"

default/data/ui/views/indexer_max_data_queue_sizes_by_name.xml

@@ -127,7 +127,7 @@
       <chart>
         <title>The replication queue appears to directly relate to the indexing queue, any blockage of the indexing queue will then block the replication queue and temporarily slow data ingestion. The replication queue appears to be extremely sensitive to the other indexers indexing queue so it can be a useful measure of an issue...</title>
         <search>
-          <query>index=_internal `indexerhosts` "replication queue for " "full" OR "has room now" sourcetype=splunkd
+          <query>index=_internal `indexerhosts` "replication queue for " "full" OR "has room now" sourcetype=splunkd `splunkadmins_splunkd_source`
 | rename peer AS guid
 | join guid
     [| rest /services/search/distributed/peers

default/data/ui/views/indexer_max_data_queue_sizes_by_name_v8.xml

@@ -127,7 +127,7 @@
       <chart>
         <title>The replication queue appears to directly relate to the indexing queue, any blockage of the indexing queue will then block the replication queue and temporarily slow data ingestion. The replication queue appears to be extremely sensitive to the other indexers indexing queue so it can be a useful measure of an issue...</title>
         <search>
-          <query>index=_internal `indexerhosts` "replication queue for " "full" OR "has room now" sourcetype=splunkd
+          <query>index=_internal `indexerhosts` "replication queue for " "full" OR "has room now" sourcetype=splunkd `splunkadmins_splunkd_source`
 | rename peer AS guid
 | join guid
     [| rest /services/search/distributed/peers

default/data/ui/views/splunk_forwarder_output_tuning.xml

@@ -105,6 +105,7 @@
         <body>
           <p>Purpose of destination count table? metrics.log only records the tcpout data *if* the connection is open at the time the metrics.log writes, so the count is to sanity-check that the numbers of connections matches the number of forwarders on the backend (this will happen with the below outputs.conf settings combined with regular data flow)</p>
           <br/>
+          <p><a href="https://docs.splunk.com/Documentation/SVA/current/Architectures/Intermediaterouting#Asynchronous_load_balancing"> Asynchronous load balancing (docs.splunk.com) </a></p>
 <p><a href="https://www.linkedin.com/pulse/splunk-asynchronous-forwarding-lightning-fast-data-ingestor-rawat"> Splunk Asynchronous Forwarding (Lightning-fast data ingestor)</a></p>
     <p>Purpose of the data output per-second timechart? The current goal is to get close to switching indexers every second for an output group (per-pipeline), note that this will result in more open connections to indexers so only really works if this is deployed to a moderate number of intermediate forwarders (HF's or similar). Note that you want to do this with autoLBVolume, if you lower autoLBFrequency to a very short time period you may result in un-even data balance due to switching frequently when forwarding smaller volumes of data. In my testing so far it would appear that aiming above the average kb/s for the autoLBVolume appears to work well, going too low doesn't work well in my testing so far</p>
     <p>Please read the linked article for information on these settings, note that when using async forwarding the open file descriptor usage is higher than without async forwarding as the connections are held open by forwarders. So this works great on an intermediate forwarding tier, this may not work so well with a very large number of forwarders</p>