Getting Data In

Universal Forwarder resource footprint estimation

pravesh_splunk
Engager

We are planning to implement the Universal Forwarder on Linux boxes having multiple clustered WebLogic domains. The applications on these domains (around 200 of them) generate 600 application log files placed on a shared directory.
Can anyone help me with how to estimate the resource footprint of the Universal Forwarder that we are planning to install on these Linux servers? These applications are business critical, and having read about high CPU and memory consumption by the Universal Forwarder, I wanted to make sure that the forwarder does not impact the applications.

Thanks

0 Karma

satishsdange
Builder

There is no definite number on how much resource is consumed by the UF. Generally it's <5%, but that depends on what you are monitoring. Note that the UF does not run any Python script, hence CPU load is less and it consumes less memory.
Based on the feedback received from one of the partners, it's the lightest collector of all the solutions he has seen so far.

0 Karma

pravesh_splunk
Engager

Thanks for your answer. I am also of the understanding that UF has the smallest resource footprint. And as you rightly mentioned, resource utilization would depend on what we are monitoring.
My application logs (600 of them) could total up to 5GB before the switch. So does this mean that the UF would need 5GB of memory at the least?
Any guidelines/past experience on such estimation would be helpful.
Cheers
