Performance Reference for Splunk Add-on for Unix and Linux

The following table provides search-time performance metrics for Unix and Linux TA version 10.0.0, measured under the following conditions:

  • Total ingested events = 35M
  • Machine specifications = m5.large (2 vCPUs, 8.0 GiB of memory, and up to 10 Gibps of bandwidth)

| Sourcetype | Search Query | Event count | Search Time in Seconds |
|---|---|---|---|
| Linux:SELinuxConfig | index=main sourcetype=Linux:SELinuxConfig | 1000000 | 27.149 |
| Unix:ListeningPorts | index=main sourcetype=Unix:ListeningPorts | 1000000 | 27.829 |
| Unix:SSHDConfig | index=main sourcetype=Unix:SSHDConfig | 1000000 | 28.1195 |
| Unix:Service | index=main sourcetype=Unix:Service | 1000000 | 28.7235 |
| Unix:Update | index=main sourcetype=Unix:Update | 1000000 | 29.0225 |
| Unix:Uptime | index=main sourcetype=Unix:Uptime | 1000000 | 26.185 |
| Unix:UserAccounts | index=main sourcetype=Unix:UserAccounts | 1000000 | 31.4405 |
| Unix:VSFTPDConfig | index=main sourcetype=Unix:VSFTPDConfig | 1000000 | 30.285 |
| Unix:Version | index=main sourcetype=Unix:Version | 1000000 | 34.8225 |
| aix_secure | index=main sourcetype=aix_secure | 1000000 | 48.667 |
| auditd | index=main sourcetype=auditd | 1000000 | 45.6775 |
| bandwidth | index=main sourcetype=bandwidth | 1000000 | 32.818 |
| cpu | index=main sourcetype=cpu | 1000000 | 43.0995 |
| df | index=main sourcetype=df | 1000000 | 49.058 |
| dhcpd | index=main sourcetype=dhcpd | 1000000 | 75.419 |
| hardware | index=main sourcetype=hardware | 1000000 | 45.0395 |
| interfaces | index=main sourcetype=interfaces | 1000000 | 44.868 |
| iostat | index=main sourcetype=iostat | 1000000 | 61.5745 |
| lastlog | index=main sourcetype=lastlog | 1000000 | 30.6895 |
| linux_audit | index=main sourcetype=linux_audit | 1000000 | 46.4935 |
| linux_secure | index=main sourcetype=linux_secure | 1000000 | 61.401 |
| lsof | index=main sourcetype=lsof | 1000000 | 35.1035 |
| netstat | index=main sourcetype=netstat | 1000000 | 41.1655 |
| nfsiostat | index=main sourcetype=nfsiostat | 1000000 | 37.9745 |
| openPorts | index=main sourcetype=openPorts | 1000000 | 26.067 |
| package | index=main sourcetype=package | 1000000 | 33.6925 |
| protocol | index=main sourcetype=protocol | 1000000 | 35.889 |
| ps | index=main sourcetype=ps | 1000000 | 51.4015 |
| syslog | index=main sourcetype=syslog | 1000000 | 57.361 |
| time | index=main sourcetype=time | 1000000 | 32.249 |
| top | index=main sourcetype=top | 1000000 | 34.978 |
| usersWithLoginPrivs | index=main sourcetype=usersWithLoginPrivs | 1000000 | 27.7015 |
| vmstat | index=main sourcetype=vmstat | 1000000 | 56.173 |
| who | index=main sourcetype=who | 1000000 | 28.9615 |