so I upgraded my Splunk version from 6.3.3 to 7.1.1, put it on a new server, split out the volumes on my server and the performance in my new environment is significant worse than my current production. The cpu is pegged out (100% resource consumption)
I cannot get my dashboards to load in my new environment.
We are on windows and do not have anything blocking the on-access scans but we did not have that in place in our current production environment either, so I don't understand why the performance is so much worse in our new environment.
We loaded a lot of data into our system the past few days from re ingesting data (passed our daily limit) - not sure if that could be related.
Any help or places to investigate first would be appreciated- thank you!
Check out the highlighted issue in the release notes. This caused our CPU to spike when we upgraded last week.
http://docs.splunk.com/Documentation/Splunk/7.1.1/ReleaseNotes/Knownissues#Highlighted_issues