- Find Answers
- :
- Splunk Administration
- :
- Deployment Architecture
- :
- Splunk hight monitoring memory vs VM low memory us...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi splunkers !
I got a question about memory.
In my splunk monitoring console, I get approx 90% of memory used by splunk processes. The amount of memory is 48 Gb
In my VCenter, I can see that only half of the assigned memory is used (approx 24 Gb over 48Gb available).
Who is telling me the truth : Splunk monitoring or Vcenter.
And overall, is there somthing to configure in Splunk to fit the entire available memory.
Splunk 9.2.2 / redhat 7.8
Thank you .
Olivier.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk information is a snap shot in time and reflects the reality every 10 seconds.
index=_introspection sourcetype=splunk_resource_usage component=Hostwide
| eval pct_mem=round(('data.mem_used'/'data.mem')*100,2)
| timechart span=10s max(pct_mem) as pct_memThat will give you the overall view.
index=_introspection sourcetype=splunk_resource_usage component=PerProcess "data.mem_used"="*"
| rename data.* as *
| timechart span=10s max(mem_used) as mem_used by process_typeThis will break it down by process over time.
Review with your VM metrics, perhaps VMC is reporting averages or median per time period.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, there were average values due to time period too large.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk information is a snap shot in time and reflects the reality every 10 seconds.
index=_introspection sourcetype=splunk_resource_usage component=Hostwide
| eval pct_mem=round(('data.mem_used'/'data.mem')*100,2)
| timechart span=10s max(pct_mem) as pct_memThat will give you the overall view.
index=_introspection sourcetype=splunk_resource_usage component=PerProcess "data.mem_used"="*"
| rename data.* as *
| timechart span=10s max(mem_used) as mem_used by process_typeThis will break it down by process over time.
Review with your VM metrics, perhaps VMC is reporting averages or median per time period.
Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!
Logs to Metrics
Developer Spotlight with Paul Stout
