Splunk?
Splunk
I just got my first Linode up and running on Monday and have transferred several small web sites over to it. I was wanting to test out some reporting packages so that I could easily keep an eye on which sites are consuming the most resources. Splunk is pretty snazzy, but running on my test server, it's consuming lots of resources. Granted, there are 5 years of logs as opposed to a few days, but I'm still wondering if it may be a CPU, memory, or IO burden over time.
If anyone has tried, are there any tuning tips they may recommend to make it Linode-friendlier?
If not, I may test the waters a little bit with it and see what the reaction is.
1 Reply
There are several ways to tune indexing performance with Splunk. By default it will index on any fields it identifies in the access_combined source types. (I assume this is what you are indexing.)
You may want to run what we call summary indexes to generate web analytics reports. There is another video tip that discuss that subject:
BTW, you'll want to make sure you are running the latest build (3.2.4 as of this post). Because Linode is a VM solution you can expect disk access to be a bit slow, and in turn affect Splunk's indexing performance.