Actions
Feature #3293
closedeve: per thread output files
Effort:
Difficulty:
Label:
Updated by Victor Julien about 5 years ago
- Subject changed from Add support to split eve json output to dedicated worker thread files similiar to pcap to eve: per thread output files
To avoid contention on the single output structure (+lock) when having many worker threads, add a mode where we have a eve.json per thread.
Modern tools like logstash/filebeat support tracking & processing multiple files w/o issue.
Updated by Victor Julien about 5 years ago
- Related to Task #3288: Suricon 2019 brainstorm added
Updated by Victor Julien about 5 years ago
- Related to Bug #2726: writing large number of json events on high speed traffic results in packet drops added
Updated by Jeff Lucovsky almost 5 years ago
@Mats Klepsland Will you be able to work on this issue? If not, I'd be happy to pick it up.
Updated by Mats Klepsland almost 5 years ago
Jeff Lucovsky wrote:
@Mats Klepsland Will you be able to work on this issue? If not, I'd be happy to pick it up.
Hi, Jeff.
My time is stretched both at work and at home, at the moment, so please do if you want to. This is a feature that I think would be awesome to have, performance wise :)
Updated by Victor Julien over 4 years ago
- Status changed from New to Assigned
- Assignee changed from Mats Klepsland to Jeff Lucovsky
- Target version changed from 70 to 6.0.0beta1
Updated by Jeff Lucovsky over 4 years ago
- Status changed from Assigned to In Review
Updated by Jeff Lucovsky over 4 years ago
- Status changed from In Review to Closed
Actions