CPU usage using the lightforwarder

I am using the light forwarder on AIX and running into high CPU usage (80-90% of a CPU). We tracked it down to using ellipse in the monitor line in inputs.conf. (even a "*" uses too much CPU). We are using the ellipse so that we can deploy the same inputs.conf to several machines, each with a different directory path.

If we tighten it down to a single directory/file, things run great.

My question is: Is there any way to have splunk traverse the directory tree less often (once a day or even less frequent), but still read files it already knows about in near real time?

I did not see anything in the doc about a setting like that.

asked 07 Jun '11, 14:03

kkalmbach
89●1●8
accept rate: 0%

edited 07 Jun '11, 14:09

One Answer:

oldest newest most voted

0	You should open a bug on this issue. You'd have to write your own script to look for new files. link answered 07 Jun '11, 14:26 mw 1.7k●2●15 accept rate: 29%

Post your answer

toggle preview

Follow this question

Email:

RSS:

Answers

Answers + Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "Title")
image?![alt text](/path/img.jpg "Title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Tags:

inputs ×249
lightforwarder ×127
cpu ×60

Asked: 07 Jun '11, 14:03

Seen: 1,501 times

Last updated: 07 Jun '11, 14:26

CPU usage using the lightforwarder

Follow this question

Splunk Resources

Related questions