All Apps and Add-ons

*nix scripts - shortest realistic polling interval

iantivey
Engager

Ignoring the amount of data it will produce... What is the shortest realistic polling interval that can be set on the scripts in the *nix package? Let's say I set it to 1 second, would...

(a) the scripts use a shed load of CPU available on my servers? How much, roughly, on a 12-core Intel Sandybridge platform?

(b) some of the scripts take longer than 1 second to complete?

(c) any other problems to consider with setting such a short polling interval?

Thanks, Ian @ citihub.com

tbarnard
Explorer

Ian,

You have already identified 3 of the major issues, but I would start by asking the question what will that level of granularity get you and why do you need it?

Is this just information for charts and graphs? Or is this some performance metric that would be measured and possibly alerted on?

If it's the later of those two then you don't gain anything by short polling periods since your realistic response time to an incident is at best 10 minutes. Secondly if it's the later you will most likely end up having to filter out a ton of false alarms which will render the entire point of 1 second polling useless. If it's the former of these two then the false alarms, missing or incorrect data also render the point of that level of detail meaningless.

I was once tasked with creating a monitoring script that would monitor a service on a pool of servers at the 1 second interval. Trust me when I say it was a nightmare and pointless task; although I did learn a great deal from the experience.

My short answer is 1 minute; anything shorter and you will start running into major issues unless you're going to build a daemonized perl script with lots of error checking at which time you're not really talking about a script anymore, now you're building an application.

Travis

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...