Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Forwarder Output Compression Ratio- what is the expected bandwidth saving of a compressed stream if i activate it?

Matthias_BY
Communicator
‎06-20-2013 04:48 AM

Hello,

i can activate compression on the universal forwarder to the indexer. as i understand from the documentation and some answers entries the compression is different between ssl encryption and not.

compressed = [true|false]
* Applies to non-SSL forwarding only. For SSL useClientSSLCompression setting is used.
* If true, forwarder sends compressed data.
* If set to true, the receiver port must also have compression turned on (in its inputs.conf file).
* Defaults to false.

my question: what is the expected bandwidth saving of a compressed stream if i activate it? (useClientSSLCompression and non encrypted?

is it 1:10?

br
matthias

Labels (1)
Labels
Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

hexx
Splunk Employee
Splunk Employee
‎06-25-2013 03:09 PM

What @bwooden and @Dimitri McKay is all true. Also, here are some rough numbers for compression ratio based on internal testing.

  1. Universal forwarder / uncooked data

    • no compression 1:1
    • "native" compression 1:8
    • SSL compression 1:14

  2. Regular forwarder / cooked data

    • no compression 1:1
    • "native" compression 1:2
    • SSL compression 1:8

View solution in original post

Reply
Solved! Jump to solution

Matthias_BY
Communicator
‎06-28-2013 08:03 AM

thanks a lot for all your valuable feedback. Hexx received the points with clear numbers - of course depending on the content within a log it may vary a little bit - but if it is going over wan it's definitely worth to enable compression and even better SSL compression. 😉

0 Karma
Reply
Solved! Jump to solution
Solution

hexx
Splunk Employee
Splunk Employee
‎06-25-2013 03:09 PM

What @bwooden and @Dimitri McKay is all true. Also, here are some rough numbers for compression ratio based on internal testing.

  1. Universal forwarder / uncooked data

    • no compression 1:1
    • "native" compression 1:8
    • SSL compression 1:14

  2. Regular forwarder / cooked data

    • no compression 1:1
    • "native" compression 1:2
    • SSL compression 1:8
Reply
Solved! Jump to solution

adobrzeniecki_s
Splunk Employee
Splunk Employee
‎11-15-2022 06:13 AM

Hey Hexx, is there a specific doc that shows these compression ratios? This information is fantastic! Would also like a link to the docs page if you have one. Thank you so much.

0 Karma
Reply
Solved! Jump to solution

andygerber
Path Finder
‎03-27-2022 05:44 PM

This is an old post, but as far as I can see still accurate.

Testing from an HF (azure data) to an indexer cluster, turning on SSL resulted in a 1:8 compression for very short (~65Byte) events.

Reply
Solved! Jump to solution

bwooden
Splunk Employee
Splunk Employee
‎06-25-2013 07:49 AM

Compression is achieved via zlib. Per Dimitri's answer, compression is variable based on content.

Additional information may be found here: http://splunk-base.splunk.com/answers/63384/what-kind-of-compression-is-used-between-forwarders-and-...

Reply
Solved! Jump to solution

Dimitri_McKay
Splunk Employee
Splunk Employee
‎06-25-2013 03:09 AM

That would be contingent upon the repetition and amount of empty space in the data to be compressed.

Reply
Get Updates on the Splunk Community!

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...

Explore the Latest Educational Offerings from Splunk (November Releases)

At Splunk Education, we are committed to providing a robust learning experience for all users, regardless of ...

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...