System Requirements

Owned by XPLG Team
Last updated: Aug 05, 2024 by XPLG Team
4 min read

Overview

Resource utilization can vary between different installation architectures of XPLG. For XPLG deployment choices exist from a single very large machine through to multiple much smaller ones. So which is the preferred option ?

From our experience the “rule”, or optimal setup is for medium-large machines that will balance between performance results and not too many cluster nodes to be managed.
There is no fixed formula as XPLG is used for a wide variety of tasks. The details below provide some important key notes based on our experience.

Generally, for low daily volume of data (<5 GB/Day) a laptop or standard machine is sufficient, but when it comes to production deployments, there are a several considerations to factor in.

Supported Operating Systems (standalone installation)

The following operating systems are supported for standalone installation:

  • Linux Kernel versions 2.6.x and later (x86 (only 64-bit is supported))

  • Windows Server 2012, Server 2012+ (x86 (only 64-bit is supported))

  • Mac OS X 11+

Memory and JAVA

Memory is an important resource - aggregations are memory consumers and many data structures are stored in it. Depends on your daily volume, consider a 32GB or 16 GB machines. Less than 8 GB is less effective and impacts performance.
Java 17 is mandatory , and while allocating memory to XPLG (XpoLog lax file) make sure to leave available memory to the OS that XPLG runs on:

  • In Linux OS- allocate approximately 75% of the available machine’s memory.

  • In Windows OS - allocate approximately 50% of the available memory.

In any case, do not allocated more than 32GB to a single XPLG process, as crossing it mainly reduces memory management efficiency, CPUs usage and GC handling of large heap size.

Finally, pay attention to Swapping – swapping memory to disk significantly reduces performance. Try to lower swappiness as much as possible - this value controls the OS swapping policy.

Supported Browsers

The following browsers are supported:

  • Google Chrome (Version 105+) - recommended

  • Mozilla Firefox (Version 105+)

  • MS Edge (Version 105+)

  • MS Internet Explorer is no longer supported

Required Ports

The following are the default ports which should be opened:

  • 30303 - HTTP client access to XPLG web interface and communication between different XPLG instances (may be modified if needed)

  • 30443 - HTTPS client access to XPLG web interface and communication between different XPLG instances (may be modified if needed)

  • Syslog - TCP and/or UDP any port that is required to be used.

  • 22 - In order to enable XPLG to establish connections to remote machines over SSH (can be modified if needed)

  • 25 - In order to enable XPLG to use a SMTP server to send emails (can be modified if needed)

  • Alerting:

    • 162 - In order to enable XPLG to send SNMP traps (can be modified if needed)

    • 7676 - In order to enable XPLG to send JMS messages (can be modified if needed)

  • 389 - In order to enable XPLG to authenticate users against an Active Directory (can be modified if needed)

  • 636 - In order to enable XPLG to authenticate users against an Active Directory through a secured connection 

  • JDBC - In case XPLG is planned to connect to databases using JDBC drivers, it is mandatory to open the relevant ports:

    • Oracle - 1521 (can be modified if needed)

    • MSSQL - 1433 (can be modified if needed)

    • MySQL - 3306 (can be modified if needed)

    • DB2 - 50000 (can be modified if needed)

    • Postgres - 5432 (can be modified if needed)

  • Windows Only:

    • 135-139, 445 - Share and UNC access to remote servers 

Hardware Recommendations

CPUs

You should choose a modern processor with multiple cores. Standard machines running XPLG utilize 4-8 cores.
If you need to choose between faster CPUs or more cores, choose more cores.

Disks

Disks are important for XPLG - XPLG processing engines mostly perform write operations but not only, while XPLG UI engines mostly perform read operations but not only.
XPLG does many bulk reads/writes and many disk seeks and as disks are usually the slowest subsystem in a server, they easily become the bottleneck of the XPLG cluster.
If you can afford SSDs, they are by far superior to any spinning media. If SSD is not an option, try to obtain the fastest disks possible (high-performance server disks, 15K RPM).
Network Attached Storage (NAS) is optional but note that NAS is often slower and displays larger latency. RAID 0, 10, 01, 0+1 will give the best performance, while RAID 5 will offer the worst performance.

It is mandatory to perform tests on your set of data and configuration deployment to determine optimized performance since it may vary between different types of data and searches XPLG performs.

Note: Linux deployments - it is mandatory to allocate a high number of open files and processes to the user that runs XPLG - for more information please see Post Installation Recommendations or contact support@xplg.com for more details.

Network

A fast and reliable network is obviously important to performance in a distributed system. Modern data-center networking (1 GbE, 10 GbE) is sufficient for most clusters.
From our experience it is recommended to avoid clusters that are distributed over multiple data centers / geographical locations

General Recommendations Standard

The following is hardware recommendation for up to 3 concurrent users, and < 10 GB of daily logs volume:

  • 4 CPU cores (2.5-3 GHz per core)

  • Linux or Windows 64-bit

  • 8 GB RAM

Recommended

The following is hardware recommendation for up to 5 concurrent users, and < 10 GB of daily logs volume:

  • 8 CPU cores (3 GHz per core)

  • Linux or Windows 64-bit OS

  • 16 GB RAM

Cluster

The following is hardware recommendation for up to 25 concurrent users, and higher daily logs volume:
(contact support@xplg.com to determine if a cluster is needed. More information about clustering can be found here. See installations details at HA Cluster Installation (multi-machines))

  •   Processor node

    •  <25 GB/Day: 

      • 1 Node: 8 CPU cores, 32 GB memory, 64-bit OS

    • <100 GB/Day:

      • 2 Nodes: 8 CPU cores, 32 GB memory, 64-bit OS

    • <500 GB/Day:

      • 3 Nodes: 8 CPU cores, 32 GB memory, 64-bit OS

    • >500 GB/Day - contact us to discuss.

  • UI node*

    • <25 GB/Day:

      • 8 CPU cores, 32 GB memory, 64-bit OS

    • <100 GB/Day:

      • 8 CPU cores, 32 GB memory, 64-bit OS

    • <500 GB/Day: 

      • 8 CPU cores, 32 GB memory, 64-bit OS

    • >500 GB/Day - contact us to discuss.

    * Number of UI nodes should be determined based on the expected number of concurrent user and desired redundancy/balancing.