How do I prevent Introspection Generator to read information about non splunk process when hidepid activated on /proc ?

Splunk Employee
Splunk Employee


my splunk is running as splunk user on a linux system where the admin has secured the OS by using hidepid=1 on /proc (see and

As a consequence, splunkd.log is filled with these error messages :
ERROR IntrospectionGenerator:resource_usage - RU - Fail to readlink(2) /proc/nnnn/exe: Operation not permitted where nnnn is a pid from a process not run by splunk
This is repeated for each pid so generate a lot of noise.

I would like to tell Introspection to only look at it's own pid in that case or not produce error message for this.

Any idea how to do this ?

0 Karma

Splunk Employee
Splunk Employee

As a workaround, I completely disabled the generator for resource usage
in server.conf


this stop the error message flood but that will also disable all related stats in the monitoring console....