Large Lookup tables OK?

jason · December 10, 2017, 6:34pm

Hi there

I want to use the CSV file option in Lookup tables to bring a range of metadata into Graylog. I’m definitely doing our Asset database (to map IP addresses to workstations), but am also thinking of blacklists for tagging external addresses as suspicious.

The latter would be hundreds of thousands of lines long, so I just wanted to check that graylog would be ‘happy’ with that. eg if you’re dealing with 10K/sec ingestion rates and every line contains an IP address, then that would be 10K lookups per second. Obviously there’s some (minor in the scheme of things) RAM requirements - but I was mainly concerned about CPU - ie that graylog uses hash tables or something to optimise lookup performance?

Thanks!

Jason

jochen · December 10, 2017, 10:01pm

I’m not sure we’ve tested the CSV adapter with very large files but I’d be very interested in your findings (and many other people too, I think).

system · December 24, 2017, 10:01pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
CSV data adapator limited to one pair? Graylog Central (peer support)	2	559	November 20, 2017
Garylog 3.1 lookup tables Graylog Central (peer support)	3	482	September 10, 2019
ASN lookup table Graylog Central (peer support)	10	1385	March 13, 2019
Database Data Adapter Graylog Central (peer support)	2	1691	August 7, 2018
Lookup Tables \ TIP \ MineMeld Graylog Central (peer support)	3	813	May 25, 2018

Large Lookup tables OK?

Related Topics