Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Single/Multi Threading CPU

LCM
Contributor
‎02-25-2011 11:02 AM

Is splunk itself single or multi threading capable in a CPU architecture perspective?

The docus I've read was mostly about x86 arch. but not SPARC!

Example:

If splunk is multithreaded and I'm installing it on a T-series server (Sun) I might be faster than on a M-series server (Sun), cos T-series has more threads per core. On the other hand, if it's singlethreaded, I'm better on the M-series (less threads, but more power per thread), but that one is much more expensive.

I know, who will install it these days on SPARC - sometimes politics wins!

I read through some documentation, and I might have a guess: Single Threaded!

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

David
Splunk Employee
Splunk Employee
‎02-25-2011 06:00 PM

Take a look at this Splunk Answers:

http://answers.splunk.com/questions/1829/splunk-searches-to-be-multithreaded-in-a-single-box

The short answer is that Splunk as a system is multi-threaded, but there are some Splunk processes that are not. Notably: indexing is multi-threaded, searches aren't. As gkanapathy mentions below, each search will use a single process and thread, so if you have 12 simultaneous searches, and a high indexing load, Splunk itself could use 16 threads.

Perhaps an engineer can provide guidance if there is anything particular to SPARC systems, but I believe that link is representative.

View solution in original post

Reply
Solved! Jump to solution
Solution

David
Splunk Employee
Splunk Employee
‎02-25-2011 06:00 PM

Take a look at this Splunk Answers:

http://answers.splunk.com/questions/1829/splunk-searches-to-be-multithreaded-in-a-single-box

The short answer is that Splunk as a system is multi-threaded, but there are some Splunk processes that are not. Notably: indexing is multi-threaded, searches aren't. As gkanapathy mentions below, each search will use a single process and thread, so if you have 12 simultaneous searches, and a high indexing load, Splunk itself could use 16 threads.

Perhaps an engineer can provide guidance if there is anything particular to SPARC systems, but I believe that link is representative.

Reply
Solved! Jump to solution

David
Splunk Employee
Splunk Employee
‎02-28-2011 06:25 PM

Thanks for the corrections. I fixed the errors in my original answer, should anyone read it in the future and skip over comments.

0 Karma
Reply
Solved! Jump to solution

gkanapathy
Splunk Employee
Splunk Employee
‎02-26-2011 10:58 PM

All that said, please do not analogize Splunk with a web server for the purposes of sizing and multithreading. It is much more analogous to a database server, in that CPU and threads are only a small part of the performance factors, and rarely the most important ones.

0 Karma
Reply
Solved! Jump to solution

gkanapathy
Splunk Employee
Splunk Employee
‎02-26-2011 10:56 PM

Furthermore, each concurrent search uses a full process and thread.

0 Karma
Reply
Solved! Jump to solution

gkanapathy
Splunk Employee
Splunk Employee
‎02-26-2011 10:56 PM

That is incorrect. The indexing process is multi-threaded, up to four or more threads, though in practice you'll usually see two.

0 Karma
Reply
Solved! Jump to solution

LCM
Contributor
‎02-26-2011 03:25 PM

In the thread you posted, silvermails answer explains it best (for me). While searching, one core is beeing clamed and the rest ist idling (single-thread) - Thanks David for the hint!

Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...