Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why does it take time to transfer a gz file?

yutaka1005
Builder
‎02-21-2017 05:12 AM

In my system architecture, UF is transfering 1.8GB GZ format Compressed ifilter log(original size is 15GB) to two IDX.
However, the transfer speed is very slow. In my calculation it will take around 24 hours to send all the logs.

The value of maxKbps is set to 0, So I am thinking that expand of the GZ file cause the matter.

But may such a matter occur?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎02-23-2017 12:01 AM

Make sure you don't change limits.conf in etc/system/default, instead create one in etc/system/local or etc/apps/some_app/local - else all changes are lost on upgrade of Splunk.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎02-23-2017 12:01 AM

Make sure you don't change limits.conf in etc/system/default, instead create one in etc/system/local or etc/apps/some_app/local - else all changes are lost on upgrade of Splunk.

0 Karma
Reply
Solved! Jump to solution

yutaka1005
Builder
‎03-01-2017 09:00 PM

Thanks for your answer! I changed limits.conf in etc/system/local.

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎02-21-2017 06:59 AM

UFs are capable of unpacking gzip at more than 20kb/s (1.8GB in 24h) - something else is going on.

0 Karma
Reply
Solved! Jump to solution

yutaka1005
Builder
‎02-22-2017 05:27 PM

Thanks for your comments ! I overlooked that "maxKBps = 256" was set in "/opt/splunkforwarder/etc/apps/SplunkUniversalForwarder/default/limits.conf". When I changed the setting value, the transfer was successfully done.

0 Karma
Reply
Get Updates on the Splunk Community!

What the End of Support for Splunk Add-on Builder Means for You

Hello Splunk Community! We want to share an important update regarding the future of the Splunk Add-on Builder ...

Solve, Learn, Repeat: New Puzzle Channel Now Live

Welcome to the Splunk Puzzle PlaygroundIf you are anything like me, you love to solve problems, and what ...

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...