I am in the process of testing the integration of Splunk into our enterprise system and have been asked by our architect to determine the performance impact of the universal forwarder. I have read extensively through the documentation and all I can find are the ‘marketing terms’ “extremely lightweight”, “low impact”, etc. This unfortunately does not satisfy my superiors!
I have tested the universal forwarder in situ and have sufficient figures on all areas but memory usage, in particular hard disk space. I have two questions:
1. The metrics logs seem to roll; it looks like they keep approx. 14 days of information. Is 14 days the cycle, or are they based on something else? Assuming our production quantities remain stable, is this a consistent quantity of data? Or, to ask the same question in a different manner: the metrics logs are currently 150mb; will they remain so?
2. The .dmp log that is written when an error occurs is approx. 125mb. That represents a significant overhead. Is it possible to turn off this reporting feature?
Thanks