Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk - Files/Directories being monitored

melvync
Observer
‎06-17-2020 02:17 AM

Hi,

i have inherited a splunk installation, done by a 3rd party.  We are currently using Splunk Enterprise version 8.0.2, with universal forwarders on a Solaris host (11.3) and 4 solaris zones on that host.

 

We are experiencing very high memory consumption and CPU usage on the host and respective zones, but a restart of the splunk daemon usually resolves  the memory issues.  We are currently restarting the splunk daemon's every 4-5 days.

When we do restart the splunk services, they jump to the top CPU users the moment it's started.

I have read that the high CPU could be attributed to the number of files/directories being monitored, so I ran the "splunk list monitor"  command on each zone being monitored and on the host, and found that certain directories were being monitored across all forwarders, even if those directories didn't exist on that zone.

I still don't know enough about splunk (am working through a pluralsight splunk fundamentals training course) to know whether  the list of files/directories to be monitored is being set at a zone/machine level or globally, and where I can go to find out.

Any assistance in this regard would be greatly appreciated.

thanks

Mel

Labels (2)
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

In today’s data-heavy environment, organizations are caught in a data distribution dilemma. As data volumes ...

GA: New Data Management App in Splunk Platform

Streamlining Data Management: Introducing a unified experience in Splunk Managing data at scale shouldn’t feel ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...