Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

We are thinking of using directory recursion to collect logs from various servers, but what's the overhead on the system?

gopal20
New Member
‎03-02-2015 08:19 AM

In a large enterprise with thousands of IIS, apache and tomcat servers, with each server having multiple web or app instances and with each instance having different log file locations, any suggestions on an efficient way to collect these logs?

We are thinking of using directory recursion, but what’s the overhead on the system?

0 Karma
Reply

thomrs
Communicator
‎03-02-2015 04:56 PM

I gather lots of logs from our syslog server recursively and no issues. The host_regex in the inputs.conf helps keeps all the server names in order. If you use log rotation to move logs make sure you have a good whitelist/blacklist strategy.

We also had to up the bandwidth the UF uses to keep up with the amount of data in limits.conf

http://docs.splunk.com/Documentation/Splunk/6.2.2/admin/inputsconf

http://docs.splunk.com/Documentation/Splunk/6.2.2/Admin/Limitsconf

TO keep an eye on things take a look at the SOS and Deployment Monitor apps.

https://apps.splunk.com/app/748/

https://apps.splunk.com/app/1294/

0 Karma
Reply

gopal20
New Member
‎04-22-2015 01:43 PM

Using directory recursion generated 30% increase in CPU usage by Splunkd. Not a good option for our environment.

0 Karma
Reply
Get Updates on the Splunk Community!

Now Playing: Splunk Education Summer Learning Premieres

It’s premiere season, and Splunk Education is rolling out new releases you won’t want to miss. Whether you’re ...

The Visibility Gap: Hybrid Networks and IT Services

The most forward thinking enterprises among us see their network as much more than infrastructure – it's their ...

Get Operational Insights Quickly with Natural Language on the Splunk Platform

In today’s fast-paced digital world, turning data into actionable insights is essential for success. With ...
Top