This page is a collection of search performance benchmarks on low spec machines. These results will provide a reference for search performance when using similar or superior hardware configurations. The data sets used will range from typical network data to application log data like log4j. The figures below are low end servers with a core density of 4 to 6 cores.
On more modern hardware expect to see events of 1M eps or more.
Benchmarking ASA data which typically looks like this:
Apr 14 05:36:27 100.0.1.7 Apr 14 2012 04:38:22: %ASA-4-106023: Deny icmp src vlan6:177.234.7.110 dst vlan190:200.200.211.7 (type 11, code 0) by access-group "vlan6_access_in" [0xb5779a20, 0x0] Apr 14 05:36:31 100.0.1.7 Apr 14 2012 04:38:26: %ASA-4-106023: Deny icmp src vlan6:177.234.6.177 dst vlan190:200.200.211.7 (type 11, code 0) by access-group "vlan6_access_in" [0xb5779a20, 0x0] Apr 14 05:36:38 100.0.1.7 Apr 14 2012 04:38:33: %ASA-4-106023: Deny icmp src vlan6:177.234.25.66 dst vlan190:200.200.211.7 (type 3, code 0) by access-group "vlan6_access_in" [0xb5779a20, 0x0] Apr 14 05:36:55 100.0.1.7 Apr 14 2012 04:38:50: %ASA-4-106023: Deny icmp src vlan6:177.234.29.22 dst vlan190:200.200.211.7 (type 11, code 0) by access-group "vlan6_access_in" [0xb5779a20, 0x0] Apr 14 05:36:56 100.0.1.7 Apr 14 2012 04:38:51: %ASA-4-106023: Deny icmp src vlan6:177.234.1.2 dst vlan190:200.200.211.7 (type 3, code 0) by access-group "vlan6_access_in" [0xb5779a20, 0x0]
Network event data usually takes the form of one line events, containing security, network access and configuration information.
Hardware spec
| CPU: | 1 x Intel(R) Xeon(R) CPU E3-1230 V2 @ 3.30GHz (4 x 3.30 GHz) |
| RAM: | 16GB DDR3 ECC |
| NETWORK: | Network Bandwith 4.00 Gbps |
The sample data contains multi-line events containing typical log messages, stacktraces, exceptions and application errors and warnings. Exceptions and stacktraces typically span several lines.
2014-10-16 12:45:07,259355 INFO visitor-feed-179-1 (log.AgentLogServiceImpl) LOGGER - WatchDirectory tag:logscape-sched dir:./work/schedule,!App,!_SERVER_,/home/gomoz/drops/logscape/work/schedule,!/home/gomoz/drops/logscape/App,!/home/gomoz/drops/logscape/_SERVER_,_ABS_GENERATED_ filePattern:*schedule*.log* hosts: timeFormat:null sort:ContentBasedSorter null Started tailing file[/home/gomoz/drops/logscape/work/schedule/14Jan15-schedule-all.log] indexedAlready[false] tailers[38] tailersToSubmit[1] 2014-10-16 12:45:07,268059 INFO long-running-11-5 (bundle.BundleRRegListenerImpl) 0) Checking Work:BOOT_REQUESTlogscape-dev-LookupSpace:boot-1.0:LookupSpace Needed:98 Resource:logscape-dev-11003-0 2014-10-16 12:45:07,276763 INFO long-running-11-5 (resource.ResourceSpace) [Allocation:logscape-dev-11003-0-ALLOCATED owner:BundleSvcAlloc11000-logscape-dev work:BOOT_REQUESTlogscape-dev-LookupSpace:boot-1.0:LookupSpace p:100 requestId:BOOT_REQUESTlogscape-dev-LookupSpace ]
Hardware Spec:
| CPU: | 1 x Intel(R) Xeon(R) CPU E3-1230 V2 @ 3.30GHz (4 x 3.30 GHz) |
| RAM: | 16GB DDR3 ECC |
| NETWORK: | Network Bandwith 4.00 Gbps |
| EVENTS | 433k events/sec |
