Good afternoon,
I have a problem with Symantec 14.0 and Splunk 7 Universal Forwarder not playing well together. Whenever the forwarder is running, Symantec use goes to 99% for every 10 seconds out of 60. This has killed our performance on the production servers. Let me know what information you might need and I can post it. Thank you!
Hi aoleske,
please read the docs about Splunk Enterprise and anti-virus products http://docs.splunk.com/Documentation/Splunk/7.0.0/ReleaseNotes/RunningSplunkalongsideWindowsantiviru... and the recommendations in it.
Hope this helps ...
cheers, MuS
I forgot to come back and accept the answer. Thanks for the reminder! 🙂 This took care of the issue.
We are seeing the issue with Splunk 6.X and 7.X where we are running Symantec 14.X. We are not seeing the issue where we are running Symantec 12.X, but your mileage may vary. After reading the doc MuS pointed us to, we made an exception for the $SPLUNK_HOME dir in Symantec and the CPU load has returned to normal. Thanks MuS!
Hey @aoleske, if this answered your question, please remember to "√Accept" the answer to award karma points and to let other Splunkers know it’s a golden answer. We’re hosting a karma point contest, so it’s particularly awesome to up vote on the forum these days. 😄
We are seeing these symptoms on servers with no add-ons and only the Splunk internal logs being collected. This is a basic install of the UF with only defaults used (except for defining our Splunk server name). We are using the default ports of 9997 and 8089. We are running as local system. The deployment server sees the client, and we are collecting Splunk internal logs, so all appears to be running correctly.
This is Symantec End Point Protection, not the add-on.