Deployment Architecture

Is this a known issue that splunk-optimize.exe on windows is faulting?

simpkins1958
Contributor

Is this a known issue? Using Splunk Enterprise 7.0.2 on Windows Server 2012 R2.

Faulting application name: splunk-optimize.exe, version: 1792.512.23146.14948, time stamp: 0x5a6a3b8d
Faulting module name: ucrtbase.DLL, version: 10.0.10586.212, time stamp: 0x56fa10e8
Exception code: 0xc0000409
Fault offset: 0x0000000000068528
Faulting process id: 0xb0c
Faulting application start time: 0x01d3d72da73bc5d0
Faulting application path: C:\Program Files\splunk\bin\splunk-optimize.exe
Faulting module path: C:\Program Files\splunk\bin\ucrtbase.DLL
Report Id: eab32659-4320-11e8-80ca-0050569719bd
Faulting package full name: 
Faulting package-relative application ID: 

Speedy1968
New Member

Hi,
we also test splunk. But get the same errors on the splunk server. All About 10 minutes splunk-optimize.exe crashes. Additionally this server has a high cpu caused by splunkd.exe. May we set some configuration to stop these issues?

Regards
Frank

0 Karma

simpkins1958
Contributor

Log file info:

04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824_SplunkOptimize) Logging configuration: verbose=1, log2splunk=1
04-16-2018 09:55:37.247 -0700 INFO SplunkOptimize - (child_531824SplunkOptimize) splunk-optimize start: dir=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4 mode=0 isfinal=false max_iteration=2147483647 min_src_count=8 lex_tpb=64
04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824
SplunkOptimize) source_0=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4\1523897731-1523897731-13561173308247173833.tsidx sz=4261
04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824
SplunkOptimize) source_1=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4\1523897733-1523897733-13612458228533476581.tsidx sz=4577
04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824
SplunkOptimize) source_2=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4\1523897717-1523897717-12926469784342936364.tsidx sz=6629
04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824
SplunkOptimize) source_3=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4\1523897714-1523897714-12797656349266986398.tsidx sz=7568
04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824
SplunkOptimize) source_4=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4\1523897722-1523897722-13184096697444471740.tsidx sz=7891
04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824
SplunkOptimize) source_5=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4\1523897720-1523897720-13054467136977953536.tsidx sz=7925
04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824
SplunkOptimize) source_6=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4\1523897725-1523897725-13312179807691478568.tsidx sz=7960
04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824
SplunkOptimize) source_7=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4\1523897730-1523897730-13538754480905189005.tsidx sz=29914
04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824
_SplunkOptimize) source_8=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4\1523897712-1523897538-12711880831551459716.tsidx sz=121754
04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824SplunkOptimize) intermediate=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4\7584-1523897736.merge
04-16-2018 09:55:37.247 -0700 DEBUG SplunkOptimize - (child_531824SplunkOptimize) target=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4\1523897733-1523897538-13699309549895350546.tsidx
04-16-2018 09:55:37.247 -0700 INFO SplunkOptimize - (child_531824SplunkOptimize) optimize finished: files merged successfully, dir=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4, rc=0 (unsigned 0), errno=87

04-16-2018 09:55:37.247 -0700 INFO SplunkOptimize - (child_531824SplunkOptimize) optimize finished: no suitable pair of tsidx found for optimize, dir=E:\Program Files\Splunk\var\lib\splunk_internaldb\db\hot_v1_4, rc=-31 (unsigned 225), errno=18
04-16-2018 09:55:37.247 -0700 INFO SplunkOptimize - (child_531824SplunkOptimize) exiting splunk-optimize process with rc=-31 (unsigned 225)

0 Karma

Speedy1968
New Member

We are testing splunk with uberAgent and having the same issues with splunk-optimize.exe. About all 10 minutes the application crashes 3 to 4 times. Additionally splunkd.exe caused a high cpu. Should we Change some settings? What's going wrong here

0 Karma

steven_winslow
Explorer

I'm having a similar issue with UF 7.0.2 and Windows Server 2012 R2. Except instead of splunk-optimize.exe, I'm having issues with splunk-winevtlog.exe and splunk-perfmon.exe.

I'm running SCEP for AV and the machine is an IIS server. AV Definition updates and the IIS worker process w3wp.exe are secondary suspects for us.

0 Karma
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...