Solved: Re: 'Memory Usage on Splunk server

SabariRajanT · ‎07-30-2020

There are 3 indexer, In which CPU usage is 99.77, 99.72, 99.61 respectively. Data is not getting indexed. any possible solution for this to resolve and troubleshoot?

Looking forward quick help

burwell · ‎07-30-2020

Hmm. Have you looked at the Splunkd.log on these indexers? What else is running? Could it be there is so much searching there are no free cycles? Does /bar/log/messages offer any hints?

View solution in original post

burwell · ‎07-30-2020

Hmm. Have you looked at the Splunkd.log on these indexers? What else is running? Could it be there is so much searching there are no free cycles? Does /bar/log/messages offer any hints?

SabariRajanT · ‎07-30-2020

I see DatabaseDirectoryManager, BucketMover,CMSlave, IndexerIf, S2SFileReceiver under var/log/messages.

burwell · ‎07-30-2020

So what's your architecture? How much data are your indexers indexing each day? How many indexers do you have? Are there other indexers that are not having cpu issues?

I think a lot more info is needed here.

gjanders · ‎07-30-2020

Have you had a look at https://docs.splunk.com/Documentation/Splunk/latest/DMC/ResourceusageDeployment and attempted to identify if it is search related to splunkd or similar?

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud

'Memory Usage on Splunk server

alert action

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Join the Conversation