Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Configuration initialization for /opt/splunk/etc took longer than expected in Splunk. Indicates storage performance.

mayankrojo
Explorer
‎09-02-2020 02:35 AM

Hello All,

I have a question. I am getting the below warning on all the panels of my dashboard. Also, the search is taking a lot of time to execute.

Configuration initialization for /opt/splunk/etc took longer than expected (1953ms) when dispatching a search with search ID _bWFkaHVyaS5tYXlhbmtAcm9qb2NvbnN1bHRhbmN5LmNvbQ_bWFkaHVyaS5tYXlhbmtAcm9qb2NvbnN1bHRhbmN5LmNvbQ__search__search1_1598863806.484277. This usually indicates problems with underlying storage performance.

I checked with the disk usage and CPU utilization but that is not an issue here. 

I am on version Splunk 7.2.4 (build 8a94541dcfac)

Can you please help me to troubleshoot this and how can I get this solved.

Thanks,

Madhuri

Labels (2)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎09-02-2020 03:01 AM

Hi @mayankrojo,

I have sometimes this message on my pc.

You have to check the IOPS of you storage, Splunk requires at least 800 IOPS and this is usually the Splunk bottleneck.

CPUs aren't relevant.

You can check IOPSs using a tool like Bonnie++ that you can find on Internet.

It's also useful to reduce the number of fields of your searches: in other words, if for your output are relevant only _time, field1, field2, field3 and field4, but you have in your data many other fields, you could insert, after the main search the command:

| fields _time field1 field2 field3 field4

Ciao.

Giuseppe

Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...