Archive

Is this a known issue that splunk-optimize.exe on windows is faulting?

Contributor

Is this a known issue? Using Splunk Enterprise 7.0.2 on Windows Server 2012 R2.

Faulting application name: splunk-optimize.exe, version: 1792.512.23146.14948, time stamp: 0x5a6a3b8d
Faulting module name: ucrtbase.DLL, version: 10.0.10586.212, time stamp: 0x56fa10e8
Exception code: 0xc0000409
Fault offset: 0x0000000000068528
Faulting process id: 0xb0c
Faulting application start time: 0x01d3d72da73bc5d0
Faulting application path: C:\Program Files\splunk\bin\splunk-optimize.exe
Faulting module path: C:\Program Files\splunk\bin\ucrtbase.DLL
Report Id: eab32659-4320-11e8-80ca-0050569719bd
Faulting package full name: 
Faulting package-relative application ID: 

New Member

Hi,
we also test splunk. But get the same errors on the splunk server. All About 10 minutes splunk-optimize.exe crashes. Additionally this server has a high cpu caused by splunkd.exe. May we set some configuration to stop these issues?

Regards
Frank

0 Karma

Contributor

Log file info:

04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824_SplunkOptimize) Logging configuration: verbose=1, log2splunk=1
04-16-2018 09:55:37.247 -0700 INFO SplunkOptimize - (child_531824SplunkOptimize) splunk-optimize start: dir=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4 mode=0 isfinal=false max_iteration=2147483647 min_src_count=8 lex_tpb=64
04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824
SplunkOptimize) source_0=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4\1523897731-1523897731-13561173308247173833.tsidx sz=4261
04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824
SplunkOptimize) source_1=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4\1523897733-1523897733-13612458228533476581.tsidx sz=4577
04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824
SplunkOptimize) source_2=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4\1523897717-1523897717-12926469784342936364.tsidx sz=6629
04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824
SplunkOptimize) source_3=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4\1523897714-1523897714-12797656349266986398.tsidx sz=7568
04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824
SplunkOptimize) source_4=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4\1523897722-1523897722-13184096697444471740.tsidx sz=7891
04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824
SplunkOptimize) source_5=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4\1523897720-1523897720-13054467136977953536.tsidx sz=7925
04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824
SplunkOptimize) source_6=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4\1523897725-1523897725-13312179807691478568.tsidx sz=7960
04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824
SplunkOptimize) source_7=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4\1523897730-1523897730-13538754480905189005.tsidx sz=29914
04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824
_SplunkOptimize) source_8=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4\1523897712-1523897538-12711880831551459716.tsidx sz=121754
04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824SplunkOptimize) intermediate=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4\7584-1523897736.merge
04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824SplunkOptimize) target=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4\1523897733-1523897538-13699309549895350546.tsidx
04-16-2018 09:55:37.247 -0700 INFO SplunkOptimize - (child_531824SplunkOptimize) optimize finished: files merged successfully, dir=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4, rc=0 (unsigned 0), errno=87

04-16-2018 09:55:37.247 -0700 INFO SplunkOptimize - (child_531824SplunkOptimize) optimize finished: no suitable pair of tsidx found for optimize, dir=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4, rc=-31 (unsigned 225), errno=18
04-16-2018 09:55:37.247 -0700 INFO SplunkOptimize - (child_531824SplunkOptimize) exiting splunk-optimize process with rc=-31 (unsigned 225)

0 Karma

New Member

We are testing splunk with uberAgent and having the same issues with splunk-optimize.exe. About all 10 minutes the application crashes 3 to 4 times. Additionally splunkd.exe caused a high cpu. Should we Change some settings? What's going wrong here

0 Karma

Explorer

I'm having a similar issue with UF 7.0.2 and Windows Server 2012 R2. Except instead of splunk-optimize.exe, I'm having issues with splunk-winevtlog.exe and splunk-perfmon.exe.

I'm running SCEP for AV and the machine is an IIS server. AV Definition updates and the IIS worker process w3wp.exe are secondary suspects for us.

0 Karma