Getting Data In

What is Splunk-MonitorNoHandle.exe?

yutaka1005
Builder

In my windows environment, Universal Forwarder 6.1.7 is installed.
When monitoring processes, I noticed that Splunk - MonitorNoHandle.exe is using a high CPU.

I am sorry for asking a vague question, but what is this process doing?
Is there a way to reduce the CPU usage of this process?

Any information would be appreciated.

0 Karma
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi yutaka1005,
I had similar problems with this version of Universal Forwarder and I solved it upgrading UF version to the last one possible (UF version should be less or equal to Splunk Enterprise version but it runs also with greater versions! ).

Every way it's a component of Splunk Enterprise Universal Forwarder for Windows used to monitor Windows services, you can find some additional information at http://www.freefixer.com/library/file/splunk-MonitorNoHandle.exe-204070/ and at https://docs.splunk.com/Documentation/Splunk/6.5.2/ReleaseNotes/RunningSplunkalongsideWindowsantivir...

Bye.
Giuseppe

View solution in original post

gcusello
SplunkTrust
SplunkTrust

Hi yutaka1005,
I had similar problems with this version of Universal Forwarder and I solved it upgrading UF version to the last one possible (UF version should be less or equal to Splunk Enterprise version but it runs also with greater versions! ).

Every way it's a component of Splunk Enterprise Universal Forwarder for Windows used to monitor Windows services, you can find some additional information at http://www.freefixer.com/library/file/splunk-MonitorNoHandle.exe-204070/ and at https://docs.splunk.com/Documentation/Splunk/6.5.2/ReleaseNotes/RunningSplunkalongsideWindowsantivir...

Bye.
Giuseppe

yutaka1005
Builder

Thank you for answering.

I could understand about Splunk-MonitorNoHandle.exe because of below URL.
http://docs.splunk.com/Documentation/Splunk/6.1.7/Data/Monitorfilesanddirectories

But I still do not know why this process is occupying the CPU. Having been fixed by upgrading, is this problem a known issue?
Can not be avoided by changing the setting value?

It would be greatly appreciated if anyone tells me any suggestions or information.

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi yutaka1005,
For my knowledge it's not possible avoid this behavior by changing the setting value, the only way to be sure is to ask to the Splunk Support.
Every way, after upgrading I didn't have the problem since six months.
Bye.
Giuseppe

0 Karma

yutaka1005
Builder

Hi Giuseppe.

I will consider updating Splunk.
Thanks.
yutaka1005

0 Karma

wcolgate_splunk
Splunk Employee
Splunk Employee

Splunk-MonotorNoHandle.exe is a modular input. It is designed to monitor live IO writes to files without opening a Windows File Handle. 

It can be configured by adding a stanza to etc\local\inputs.conf. If it has not been configured, it will by default, start-up and run it's introspection every 60 seconds.

It can be disabled complete (i.e. never run) by setting its default stanza with the following keys:

run_introspection = false

disabled = true

0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...