Splunk Search

Anybody seen search/indexer performance degradation after installing Meltdown patches on Linux

leonrtx
Explorer

Hello

Has anybody seen any indexer/search performance degradation after installing the Meltdown patches on Linux? Anybody willing to share some performance before and after stats?

Tags (1)

ChrisG
Splunk Employee
Splunk Employee

See this blog post for the latest Splunk communication and test results: https://www.splunk.com/blog/2018/02/12/meltdown-patch-and-the-impact-on-infrastructure-supporting-sp...

0 Karma

mendesjo
Path Finder

My Splunk rep told me that Splunk cloud was patched (we are still on prem), and they were testing for performance. Anyone know if WIndows or Linux Splunk agents are compatible with Microsoft or Linux OS patches for Meltdown/Spectre ?

0 Karma

gjanders
SplunkTrust
SplunkTrust

The agents should not notice the difference as this is an OS level (and potentially a patch at the CPU level), as long as the OS functions as normal the agent should continue to function as normal...(with the potential performance decrease of course)

0 Karma

mendesjo
Path Finder

Agreed, however, Anti-Virus software as an example is not all compatible, some work other require upgrades. I grant you that a Splunk agent doesn't behave like an anti-virus/malware software but just want to be sure before we start patching and find an issue with the OS patches and Splunk agents.

0 Karma
Get Updates on the Splunk Community!

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...

Enterprise Security Content Update (ESCU) | New Releases

In October, the Splunk Threat Research Team had one release of new security content via the Enterprise ...