What is the virtual memory footprint for Universal...

Rob · ‎03-15-2011

How much memory can I expect the Universal Forwarder to require on a machine? Is there a hard ceiling for the virtual memory that a Universal forwarder will ask to be allocated from the OS? If so, can this value be configured?

gkanapathy · ‎03-15-2011

The Universal and Light Forwarders are not different in this regard. There is no hard ceiling. The amount used will depend on the number of files and other inputs being monitored.

Rob · ‎03-16-2011

What I am looking for is to determine what the maximum amount of virtual memory is that could be used if every queue were full in the universal forwarder. As I understand it for 4.1.x, that number would be 256MB on a 64bit system as there are 4 queues which can hold 1000 x 64KB chunks of event data. Only one queue can have the queue size be modified by outputs.conf (tcpout) whereas the rest can not be modified. I imagine there is a ceiling for the amount of virtual memory that the forwarder will request from the OS as otherwise it would be considered a memory leak.

What is the virtual memory footprint for Universal Forwarder?

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

What is the virtual memory footprint for Universal Forwarder?

Accelerating Observability as Code with the Splunk AI Assistant

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!