Optimising CPU + RAM usage on Universal Forwarder

DavidHourani · ‎08-23-2017

Hello guys,

I've been looking around in the questions and most of them are about forwarders causing High CPU because of some bug or some misconfiguration. My questions is about optimising and tweaking a universal forwarder that is working well in order to reduce its CPU impact.

So anyone who has tips and tricks to share it will be very much welcome. Even if you have system level tips for linux/windows it's also welcome!

Best regards,
David

mdessus_splunk · ‎09-01-2017

I'm not sure there is a prefect answer for your question. By default, the fwd is designed to have a very limited impact on the system. You can limit the inputs to the ones that match your needs.
You might also look at windows system features.

Of course, you can monitor CPU usage in Splunk 🙂

mdessus_splunk · ‎08-23-2017

Hi David,

Do you have any specific issues ? On which system ? When collecting what kind of data ?
Can you give some details ?

DavidHourani · ‎08-25-2017

Hello Mathieu, hope you're well 🙂

I have FWDs running on windows DC and I want to set limits to make sure that they never go over 5% CPU even if that means slowing down log collection.
Any idea on how that could be done ?
Cheers,
David

robertlynch2020 · ‎02-19-2019

I have the same issues, do you find a solution

ddrillic · ‎08-23-2017

Good information at -

Search please for the forwarder parts...

DavidHourani · ‎08-23-2017

What do you mean ? did you post any link because I cant see anything 🙂

Optimising CPU + RAM usage on Universal Forwarder

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

Optimising CPU + RAM usage on Universal Forwarder

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!