Hello all!
We've started to roll out the Splunk App for Stream to a few of our production servers. I've been watching the streamfwd.exe process's memory usage, and it just keeps growing. After leaving it running all night, it was at 3.1GB this morning.
We're on Splunk 6.3 with the latest Splunk_TA_Stream (as far as I'm aware). We're only pulling SIP traffic.
I'll likely end up opening a support ticket, but wanted to ask here first if anyone else has seen this before.
Thanks!
I'd recommend opening a support ticket since the issue will likely require some in-depth troubleshooting. Meanwhile, you can take a look at the Network Metrics/Stream Forwarder Metrics/Stream Forwarder Log dashboards to see if there's anything suspicious there. I'd need to make sure the _internal index data from the Splunk_TA_Stream host is available (i.e. the _internal index is forwarded from the UF running Splunk_TA_Stream) on the search head running Splunk App For Stream.
Will do, thanks!