Solved: Re: Is it possible to check sed performance in pro...

sc0tt · ‎04-11-2014

Is there a way to test the performance of sed scripts running in props.conf? I'm not an expert in regular expressions so I want to make sure that I'm not creating bottlenecks when indexing events. Events are < 1000 characters.

Thanks.

martin_mueller · ‎04-11-2014

You can see sed- and regex-related load during indexing by grabbing the SoS app from http://apps.splunk.com/app/748/ and opening the Indexing Performance view. A screen or two down you'll see index load by processes, you're looking for the regexprocessor.

View solution in original post

martin_mueller · ‎04-11-2014

You can see sed- and regex-related load during indexing by grabbing the SoS app from http://apps.splunk.com/app/748/ and opening the Indexing Performance view. A screen or two down you'll see index load by processes, you're looking for the regexprocessor.

martin_mueller · ‎04-11-2014

Just install the app, it's free and has literally hundreds of other benefits.

If for some reason you seriously cannot install it you can download it, unpack, and grab the search behind the graph manually. It's basically extracting information from the _internal index, so you can run the query without the app.

sc0tt · ‎04-11-2014

Great info! Is there an example of creating this report with without installing the app?

Is it possible to check sed performance in props.conf?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation