I know this is not a Splunk specific question, however I have asked a similar question in the past about tuning for UDP syslog on linux. I need to know what to watch out for when dealing with high volumes and bursts of TCP syslog. This is a Server 2012 VM using vmxnet3 drivers. I have maxed out the Small/Large RX Buffers as well as RX Ring #1/#2 Size. I have also tested enabling/disabling LSO V2 (IPv4) but that had little impact.
Any assistance would be appreciated.
Thanks
Resolved issue with our RHEL UDP syslog environment. WinOS was not able to increase receive buffers to amount that was required.
Resolved issue with our RHEL UDP syslog environment. WinOS was not able to increase receive buffers to amount that was required.