Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I measure I/O on my Splunk hardware?

Yancy
Path Finder
‎06-17-2010 01:32 PM

The Capacity Planning for Splunk page recommends disks that are:

capable of 800 IO operations / second (IOPS)

What are some ways that I can measure potential throughput? I might have access to some secondhand hardware, and this would be one of the main criteria I use before accepting it for Splunk use.

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

Mick
Splunk Employee
Splunk Employee
‎06-17-2010 04:34 PM

It really depends on your platform, Unix has several utilities that give you information on this - iostat, dtrace, vmstat etc - this page contains useful information on all of these.

The Unix app for Splunk contains 'iostat' and 'vmstat' scripted inputs, and you can configure/create any other ones you would like to visualize

For Windows, you will likely need to install some custom tool as there's not really an equivalent to the Unix commands above, but the Splunk for Windows app will give you other useful information.

View solution in original post

Reply
Solved! Jump to solution

dwaddle
SplunkTrust
SplunkTrust
‎10-22-2011 09:28 AM

The SplunkIT app does not exactly do IOPS measurement, but it should be useful for getting useful benchmark measurements against a Splunk indexer.

Reply
Solved! Jump to solution

oreoshake
Communicator
‎06-17-2010 10:41 PM

They also recommend running bonnie++ as it mimics Splunk disk usage

Reply
Solved! Jump to solution

chicodeme
Communicator
‎10-21-2011 02:13 PM

how about these parameters?
./bonnie++ -n 0 -u 0 -r free -m | grep 'Mem:' | awk '{print $2}' -s $(echo "scale=0;free -m | grep 'Mem:' | awk '{print $2}'*2" | bc -l) -f -b -d /tmp

0 Karma
Reply
Solved! Jump to solution

gkanapathy
Splunk Employee
Splunk Employee
‎06-18-2010 01:56 AM

You do have to be careful to run bonnie++ with the right of parameters (defaults tend to be on the small side for memory and disk sizes from several years ago) to get meaningful results, or you will just wind up testing the speed of your cache.

Reply
Solved! Jump to solution
Solution

Mick
Splunk Employee
Splunk Employee
‎06-17-2010 04:34 PM

It really depends on your platform, Unix has several utilities that give you information on this - iostat, dtrace, vmstat etc - this page contains useful information on all of these.

The Unix app for Splunk contains 'iostat' and 'vmstat' scripted inputs, and you can configure/create any other ones you would like to visualize

For Windows, you will likely need to install some custom tool as there's not really an equivalent to the Unix commands above, but the Splunk for Windows app will give you other useful information.

Reply
Solved! Jump to solution

gkanapathy
Splunk Employee
Splunk Employee
‎06-18-2010 02:01 AM

Windows WMI Performance counters are quite good. You'll want the PhysicalDisk operations per second counters for measurement.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...