Performance reference for the Splunk Add-on for Windows
The following table provides the average events per second (EPS) for the listed WinEventLog channels:
Log Name | Number of Events | Seconds (Classic) | EPS (Classic) | Seconds (XML) | EPS (XML) |
---|---|---|---|---|---|
Application | 50000 | 8.5 | 5882 | 9.75 | 5128 |
System | 50000 | 9.5 | 5263 | 10.2 | 4901 |
Security | 45377 | 13.33 | 3404 | 16 | 2836 |
Powershell | 50000 | 7.33 | 6821 | 8 | 6250 |
Lookups for the Splunk Add-on for Windows | Common Information Model and Field Mapping Changes for the Splunk Add-on for Microsoft Windows |
This documentation applies to the following versions of Splunk® Add-on for Windows: 8.1.2
Feedback submitted, thanks!