Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Cluster Master restarts kills s3-compliant on-prem SmartStore since upgrading to Splunk 9

javiergn
Super Champion
‎07-28-2023 02:33 AM

Hi all. I’ve got an interesting case:

  • $Customer using on-prem fully s3-compliant storage: DELL ECS
  • When restarting the Cluster Master (and only the CM, not the Indexers) that triggers thousands of timeout events from S3.
  • Is like the S3 cluster is having a denial-of-service attack
  • This is ONLY happening since we upgraded from 8.2.6 to Splunk 9.0.4 in April 29th. No issues before.
  • See screenshot below.

What exactly are the Indexers requesting from s3 when the CM is restarted?

How is this process different in Splunk 8.2.6 and Splunk 9.0.4?

Regards,

J

S2_CM_Restarts.png

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

What’s New in Splunk Enterprise 9.4: Tools for Digital Resilience

What’s New in Splunk Enterprise 9.4: Tools for Digital ResilienceTune in to What’s New in Splunk Enterprise ...

Get Schooled with Splunk Education: Explore Our Latest Courses

At Splunk Education, we’re dedicated to providing incredible learning experiences that cater to every skill ...

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL  The Splunk AI Assistant for SPL ...