Solved: Re: 'Memory Usage on Splunk server

SabariRajanT · ‎07-30-2020

There are 3 indexer, In which CPU usage is 99.77, 99.72, 99.61 respectively. Data is not getting indexed. any possible solution for this to resolve and troubleshoot?

Looking forward quick help

burwell · ‎07-30-2020

Hmm. Have you looked at the Splunkd.log on these indexers? What else is running? Could it be there is so much searching there are no free cycles? Does /bar/log/messages offer any hints?

View solution in original post

burwell · ‎07-30-2020

Hmm. Have you looked at the Splunkd.log on these indexers? What else is running? Could it be there is so much searching there are no free cycles? Does /bar/log/messages offer any hints?

SabariRajanT · ‎07-30-2020

I see DatabaseDirectoryManager, BucketMover,CMSlave, IndexerIf, S2SFileReceiver under var/log/messages.

burwell · ‎07-30-2020

So what's your architecture? How much data are your indexers indexing each day? How many indexers do you have? Are there other indexers that are not having cpu issues?

I think a lot more info is needed here.

gjanders · ‎07-30-2020

Have you had a look at https://docs.splunk.com/Documentation/Splunk/latest/DMC/ResourceusageDeployment and attempted to identify if it is search related to splunkd or similar?

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud

'Memory Usage on Splunk server

alert action

other

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms