Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Configuration initialization for /opt/splunk/etc took longer than expected in Splunk. Indicates storage performance.

mayankrojo
Explorer
‎09-02-2020 02:35 AM

Hello All,

I have a question. I am getting the below warning on all the panels of my dashboard. Also, the search is taking a lot of time to execute.

Configuration initialization for /opt/splunk/etc took longer than expected (1953ms) when dispatching a search with search ID _bWFkaHVyaS5tYXlhbmtAcm9qb2NvbnN1bHRhbmN5LmNvbQ_bWFkaHVyaS5tYXlhbmtAcm9qb2NvbnN1bHRhbmN5LmNvbQ__search__search1_1598863806.484277. This usually indicates problems with underlying storage performance.

I checked with the disk usage and CPU utilization but that is not an issue here. 

I am on version Splunk 7.2.4 (build 8a94541dcfac)

Can you please help me to troubleshoot this and how can I get this solved.

Thanks,

Madhuri

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎09-02-2020 03:01 AM

Hi @mayankrojo,

I have sometimes this message on my pc.

You have to check the IOPS of you storage, Splunk requires at least 800 IOPS and this is usually the Splunk bottleneck.

CPUs aren't relevant.

You can check IOPSs using a tool like Bonnie++ that you can find on Internet.

It's also useful to reduce the number of fields of your searches: in other words, if for your output are relevant only _time, field1, field2, field3 and field4, but you have in your data many other fields, you could insert, after the main search the command:

| fields _time field1 field2 field3 field4

Ciao.

Giuseppe

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...