I'm working on the initial set up of splunk single instance on prem and I haven't been able to get data in yet. I have installed the universal forwarder on 2 windows servers and installed the add on for windows on those servers. I get this message in the monitoring console.
|ulimits.data_segment_size (current / recommended)||ulimits.open_files (current / recommended)||ulimits.user_processes (current / recommended)|
|-1||4096 / 64000||47318 / 16000|
Then when I log onto the Cent OS server and look at ulimits and they are set as the recommended minimum values.
How can I get the Splunk web to recognize how these settings are set on the server?
Can you try restarting the server?
I rebooted the server and still seeing the same messages in splunk web. Do I need to also change these settings from the link you sent?
Set limits using the /etc/systemd configuration files
I added these lines at the end of the /etc/security/limits.conf on the root profile, I'm still getting the same message.
I didn't configure splunk to run on the systemd, so I didn't add those other settings.
This is how the bottom of the file looks, I'm not sure if these are entered correctly.
did you configured ulimit in /etc/security/limits.conf ?
if not, you have to insert at the end of this file:
root hard nofile 64000 root soft nofile 64000
then exit from the user or restart Splunk.
I believe I added those two lines to the end of the /etc/security/limits.conf correctly
I saved this and restarted splunk and am still getting the same message about ulimits.