Deployment Architecture

Cluster Master restarts kills s3-compliant on-prem SmartStore since upgrading to Splunk 9


Hi all. I’ve got an interesting case:

  • $Customer using on-prem fully s3-compliant storage: DELL ECS
  • When restarting the Cluster Master (and only the CM, not the Indexers) that triggers thousands of timeout events from S3.
  • Is like the S3 cluster is having a denial-of-service attack
  • This is ONLY happening since we upgraded from 8.2.6 to Splunk 9.0.4 in April 29th. No issues before.
  • See screenshot below.

What exactly are the Indexers requesting from s3 when the CM is restarted?

How is this process different in Splunk 8.2.6 and Splunk 9.0.4?




Labels (1)
0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk Cloud Platform 9.1.2308?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2308! Analysts can ...

Index This | Why do they call it hyper text?

November 2023 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

State of Splunk Careers 2023: Career Resilience and the Continued Value of Splunk

For the past three years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...