Solved: Re: Why does it take time to transfer a gz file?

yutaka1005 · ‎02-21-2017

In my system architecture, UF is transfering 1.8GB GZ format Compressed ifilter log(original size is 15GB) to two IDX.
However, the transfer speed is very slow. In my calculation it will take around 24 hours to send all the logs.

The value of maxKbps is set to 0, So I am thinking that expand of the GZ file cause the matter.

But may such a matter occur?

martin_mueller · ‎02-23-2017

Make sure you don't change limits.conf in etc/system/default, instead create one in etc/system/local or etc/apps/some_app/local - else all changes are lost on upgrade of Splunk.

View solution in original post

martin_mueller · ‎02-23-2017

Make sure you don't change limits.conf in etc/system/default, instead create one in etc/system/local or etc/apps/some_app/local - else all changes are lost on upgrade of Splunk.

yutaka1005 · ‎03-01-2017

Thanks for your answer! I changed limits.conf in etc/system/local.

martin_mueller · ‎02-21-2017

UFs are capable of unpacking gzip at more than 20kb/s (1.8GB in 24h) - something else is going on.

yutaka1005 · ‎02-22-2017

Thanks for your comments ! I overlooked that "maxKBps = 256" was set in "/opt/splunkforwarder/etc/apps/SplunkUniversalForwarder/default/limits.conf". When I changed the setting value, the transfer was successfully done.

Why does it take time to transfer a gz file?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases