Hi there,

Many users face similar issues after upgrades, so you're not alone. Let's troubleshoot:

Potential Causes:

• Resource-intensive features: New features in 9.1.2 might demand more resources. Analyze Splunkd logs for clues about resource-intensive operations.
• Index rebuilds or migrations: Upgrading might trigger index rebuilds or migrations, increasing CPU and memory usage temporarily.
• Configuration changes: Some 9.1.2 settings might differ from 8.2, impacting resource consumption. Review your splunkweb.conf and server.conf files.
• Hardware limitations: Ensure your server has sufficient CPU, RAM, and disk space to handle the upgraded version.

Troubleshooting Steps:

1. Analyze Splunkd logs: Look for errors or warnings related to high resource usage in splunkd.log.
2. Monitor resource usage: Track CPU, memory, and disk I/O using Windows Performance Monitor or Splunk's built-in monitoring tools.
3. Identify resource-intensive searches: Use the topsearch command in Splunk to see which searches consume the most resources. You can optimize or disable them if needed.
4. Review Splunk configuration: Double-check your splunkweb.conf and server.conf settings for any performance-related changes introduced in 9.1.2.
5. Tune Splunk settings: Consider adjusting Splunk's search throttling, indexing, and memory allocation settings based on your hardware and usage patterns. Splunk documentation offers guidance on performance tuning.
6. Hardware assessment: If your server hardware is old or underpowered, consider upgrading to meet the demands of Splunk 9.1.2.

Additional Tips:

• Open a support ticket with Splunk if the issue persists after troubleshooting.
• Consult Splunk documentation and community forums for known upgrade issues and best practices.

Remember, pinpointing the exact cause might require more details about your environment and logs. However, these steps should guide you in the right direction.

~ If the reply helps, a Karma upvote would be appreciated