Actions
Feature #3293
closed
AH
JL
eve: per thread output files
Feature #3293:
eve: per thread output files
Effort:
Difficulty:
Label:
VJ Updated by Victor Julien over 6 years ago
- Subject changed from Add support to split eve json output to dedicated worker thread files similiar to pcap to eve: per thread output files
To avoid contention on the single output structure (+lock) when having many worker threads, add a mode where we have a eve.json per thread.
Modern tools like logstash/filebeat support tracking & processing multiple files w/o issue.
VJ Updated by Victor Julien over 6 years ago
- Parent task deleted (
#3288)
VJ Updated by Victor Julien over 6 years ago
- Related to Task #3288: Suricon 2019 brainstorm added
VJ Updated by Victor Julien over 6 years ago
- Related to Bug #2726: writing large number of json events on high speed traffic results in packet drops added
JL Updated by Jeff Lucovsky about 6 years ago
@mats Will you be able to work on this issue? If not, I'd be happy to pick it up.
MK Updated by Mats Klepsland about 6 years ago
Jeff Lucovsky wrote:
@mats Will you be able to work on this issue? If not, I'd be happy to pick it up.
Hi, Jeff.
My time is stretched both at work and at home, at the moment, so please do if you want to. This is a feature that I think would be awesome to have, performance wise :)
VJ Updated by Victor Julien almost 6 years ago
- Status changed from New to Assigned
- Assignee changed from Mats Klepsland to Jeff Lucovsky
- Target version changed from 70 to 6.0.0beta1
JL Updated by Jeff Lucovsky over 5 years ago
- Status changed from Assigned to In Review
JL Updated by Jeff Lucovsky over 5 years ago
- Status changed from In Review to Closed
Actions