Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Does increasing time_before_close in splunk have any performance side effects ?

sfmandmdev
Path Finder
‎09-28-2012 03:38 PM

We have jvm gc logs which are pausing while writing loglines for more than a minute. So are thinking of increasing the time_before_close to a value more than 60 secs. But before doing that there are couple questions I wanted addressed:

  1. Does increasing time_before_close field lead to performance degradation of splunk ?
  2. Is there a splunk config to apply this setting only to particular log files in the app ? Reason being could monitoring the jvm logs longer affect splunk forwarding/indexing other logs ?
Tags (1)
0 Karma
Reply

dwaddle
SplunkTrust
SplunkTrust
‎09-30-2012 06:51 PM

For your first question, the answer is most likely "maybe, depending on your exact circumstances". It's hard to make absolute statements about this. Depending on how many files you're tailing, it could mean you'll need more file handles for Splunk to use because each one will stay open longer. If you are only tailing a couple of hundred files, it might not matter. If you are tailing thousands, it could be a different story.

For your second question, this setting is global for the instance of Splunk. There's no way to (as of version 4.3) on a per-stanza or similar basis. You could always submit an enhancement request to improve this functionality.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Why did the turkey cross the road?

November 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...