What is the virtual memory footprint for Universal...

Rob · ‎03-15-2011

How much memory can I expect the Universal Forwarder to require on a machine? Is there a hard ceiling for the virtual memory that a Universal forwarder will ask to be allocated from the OS? If so, can this value be configured?

gkanapathy · ‎03-15-2011

The Universal and Light Forwarders are not different in this regard. There is no hard ceiling. The amount used will depend on the number of files and other inputs being monitored.

Rob · ‎03-16-2011

What I am looking for is to determine what the maximum amount of virtual memory is that could be used if every queue were full in the universal forwarder. As I understand it for 4.1.x, that number would be 256MB on a 64bit system as there are 4 queues which can hold 1000 x 64KB chunks of event data. Only one queue can have the queue size be modified by outputs.conf (tcpout) whereas the rest can not be modified. I imagine there is a ceiling for the amount of virtual memory that the forwarder will request from the OS as otherwise it would be considered a memory leak.

What is the virtual memory footprint for Universal Forwarder?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

Are you a member of the Splunk Community?

What is the virtual memory footprint for Universal Forwarder?

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine