Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Optimising CPU + RAM usage on Universal Forwarder

DavidHourani
Super Champion
‎08-23-2017 06:57 AM

Hello guys,

I've been looking around in the questions and most of them are about forwarders causing High CPU because of some bug or some misconfiguration. My questions is about optimising and tweaking a universal forwarder that is working well in order to reduce its CPU impact.

So anyone who has tips and tricks to share it will be very much welcome. Even if you have system level tips for linux/windows it's also welcome!

Best regards,
David

0 Karma
Reply

mdessus_splunk
Splunk Employee
Splunk Employee
‎09-01-2017 08:22 AM

I'm not sure there is a prefect answer for your question. By default, the fwd is designed to have a very limited impact on the system. You can limit the inputs to the ones that match your needs.
You might also look at windows system features.

Of course, you can monitor CPU usage in Splunk 🙂

0 Karma
Reply

mdessus_splunk
Splunk Employee
Splunk Employee
‎08-23-2017 01:58 PM

Hi David,

Do you have any specific issues ? On which system ? When collecting what kind of data ?
Can you give some details ?

0 Karma
Reply

DavidHourani
Super Champion
‎08-25-2017 02:44 AM

Hello Mathieu, hope you're well 🙂

I have FWDs running on windows DC and I want to set limits to make sure that they never go over 5% CPU even if that means slowing down log collection.
Any idea on how that could be done ?
Cheers,
David

0 Karma
Reply

robertlynch2020
Influencer
‎02-19-2019 06:44 AM

I have the same issues, do you find a solution

0 Karma
Reply

ddrillic
Ultra Champion
‎08-23-2017 07:29 AM

Good information at -

alt text

Search please for the forwarder parts...

0 Karma
Reply

DavidHourani
Super Champion
‎08-23-2017 08:04 AM

What do you mean ? did you post any link because I cant see anything 🙂

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...