Hi ,
In our Splunk environment, standalone search head is going down often.
Could anyone , what would be the reason on this?
When i check SH internal logs,at time just before down time . I could see the below errors
2017-11-16 15:45:59,954 INFO [5a0d7dff217f35xxxxxxxx] root:129 - ENGINE: Bus EXITED
2017-11-16 15:45:59,954 INFO [5a0d7dff217f35xxxxxxxx] root:129 - ENGINE: Bus STOPPED
2017-11-16 15:45:59,953 INFO [5a0d7dff217f35xxxxxxxx] root:129 - ENGINE: Stopped thread '_TimeoutMonitor'.
2017-11-16 15:45:59,887 INFO [5a0d7dff217f35xxxxxxxx] root:129 - ENGINE: HTTP Server cherrypy._cpwsgi_server.CPWSGIServer(('127.0.0.1', 8065)) shut down
Can someone help on this please?
Thanks
Mala
Hi mala_splunk_91,
it's hard to debug a problem likethis!
what Linux are you using? see on internet if there are known issues on this Operative System.
Anyway, I suggest to open a case to Splunk Support because the only way is a webex to see you installation.
Bye.
Giuseppe
i know it's old thread ,i assume it helps ,
once check DMC on your search head , and go to "resource usage: instance"
check for Maximum Physical Memory Usage by Process Class& Maximum CPU Usage by Process Class
identify which process class consuming more resources , usually it is "search activity" in my case