Performance reference
The following table lists the search time performance metric for each sourcetype in Unix and Linux TA version 10.0.0, measured under these conditions:
- Total ingested events: 35M
- Machine specifications: m5.large (2 vCPUs, 8.0 GiB of memory, and up to 10 Gibps of bandwidth)

| Sourcetype | Search Query | Event count | Search Time in Seconds |
|---|---|---|---|
| Linux:SELinuxConfig | index=main sourcetype=Linux:SELinuxConfig | 1000000 | 27.149 |
| Unix:ListeningPorts | index=main sourcetype=Unix:ListeningPorts | 1000000 | 27.829 |
| Unix:SSHDConfig | index=main sourcetype=Unix:SSHDConfig | 1000000 | 28.1195 |
| Unix:Service | index=main sourcetype=Unix:Service | 1000000 | 28.7235 |
| Unix:Update | index=main sourcetype=Unix:Update | 1000000 | 29.0225 |
| Unix:Uptime | index=main sourcetype=Unix:Uptime | 1000000 | 26.185 |
| Unix:UserAccounts | index=main sourcetype=Unix:UserAccounts | 1000000 | 31.4405 |
| Unix:VSFTPDConfig | index=main sourcetype=Unix:VSFTPDConfig | 1000000 | 30.285 |
| Unix:Version | index=main sourcetype=Unix:Version | 1000000 | 34.8225 |
| aix_secure | index=main sourcetype=aix_secure | 1000000 | 48.667 |
| auditd | index=main sourcetype=auditd | 1000000 | 45.6775 |
| bandwidth | index=main sourcetype=bandwidth | 1000000 | 32.818 |
| cpu | index=main sourcetype=cpu | 1000000 | 43.0995 |
| df | index=main sourcetype=df | 1000000 | 49.058 |
| dhcpd | index=main sourcetype=dhcpd | 1000000 | 75.419 |
| hardware | index=main sourcetype=hardware | 1000000 | 45.0395 |
| interfaces | index=main sourcetype=interfaces | 1000000 | 44.868 |
| iostat | index=main sourcetype=iostat | 1000000 | 61.5745 |
| lastlog | index=main sourcetype=lastlog | 1000000 | 30.6895 |
| linux_audit | index=main sourcetype=linux_audit | 1000000 | 46.4935 |
| linux_secure | index=main sourcetype=linux_secure | 1000000 | 61.401 |
| lsof | index=main sourcetype=lsof | 1000000 | 35.1035 |
| netstat | index=main sourcetype=netstat | 1000000 | 41.1655 |
| nfsiostat | index=main sourcetype=nfsiostat | 1000000 | 37.9745 |
| openPorts | index=main sourcetype=openPorts | 1000000 | 26.067 |
| package | index=main sourcetype=package | 1000000 | 33.6925 |
| protocol | index=main sourcetype=protocol | 1000000 | 35.889 |
| ps | index=main sourcetype=ps | 1000000 | 51.4015 |
| syslog | index=main sourcetype=syslog | 1000000 | 57.361 |
| time | index=main sourcetype=time | 1000000 | 32.249 |
| top | index=main sourcetype=top | 1000000 | 34.978 |
| usersWithLoginPrivs | index=main sourcetype=usersWithLoginPrivs | 1000000 | 27.7015 |
| vmstat | index=main sourcetype=vmstat | 1000000 | 56.173 |
| who | index=main sourcetype=who | 1000000 | 28.9615 |