What is the virtual memory footprint for Universal...

Rob · ‎03-15-2011

How much memory can I expect the Universal Forwarder to require on a machine? Is there a hard ceiling for the virtual memory that a Universal forwarder will ask to be allocated from the OS? If so, can this value be configured?

gkanapathy · ‎03-15-2011

The Universal and Light Forwarders are not different in this regard. There is no hard ceiling. The amount used will depend on the number of files and other inputs being monitored.

Rob · ‎03-16-2011

What I am looking for is to determine what the maximum amount of virtual memory is that could be used if every queue were full in the universal forwarder. As I understand it for 4.1.x, that number would be 256MB on a 64bit system as there are 4 queues which can hold 1000 x 64KB chunks of event data. Only one queue can have the queue size be modified by outputs.conf (tcpout) whereas the rest can not be modified. I imagine there is a ceiling for the amount of virtual memory that the forwarder will request from the OS as otherwise it would be considered a memory leak.

What is the virtual memory footprint for Universal Forwarder?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Join the Conversation