Getting Data In

Performance Tuning Suggestions for TCP Syslog Running on Server 2012

jodros
Builder

I know this is not a Splunk specific question, however I have asked a similar question in the past about tuning for UDP syslog on linux. I need to know what to watch out for when dealing with high volumes and bursts of TCP syslog. This is a Server 2012 VM using vmxnet3 drivers. I have maxed out the Small/Large RX Buffers as well as RX Ring #1/#2 Size. I have also tested enabling/disabling LSO V2 (IPv4) but that had little impact.

Any assistance would be appreciated.

Thanks

0 Karma
1 Solution

jodros
Builder

Resolved issue with our RHEL UDP syslog environment. WinOS was not able to increase receive buffers to amount that was required.

View solution in original post

0 Karma

jodros
Builder

Resolved issue with our RHEL UDP syslog environment. WinOS was not able to increase receive buffers to amount that was required.

0 Karma
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...