Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk-system-user Report Acceleration Search Stuck

alacercogitatus
SplunkTrust
SplunkTrust
‎01-22-2013 09:28 AM

I am running 5.0.1 on Ubuntu Server Every so often we get a stuck Report Acceleration Summarize search. For example, here is one from the Jobs page:

Dispatched at Owner Application Size Events Run time Expires Status
1/21/13 11:57:35 PM splunk-system-user system 0.06MB 0 00:00:01 Jan 22, 2013 12:19:42 PM Running (0%)

The search shown is | summarize maintain="CA731B2B-5B97-408C-943F-C96771D302E9_SplunkDirectoryServices_username_5d7d2aa78b3ac0e4,1358784000;CA731B2B-5B97-408C-943F-C96771D302E9_search_username_3bfa8a40a0cd07e5,1358784000;" summaryprefix="CA731B2B-5B97-408C-943F-C96771D302E9"

These searches cause CPU usage of >90% while they are running, and they don't end. To solve it, we just kill the job process from the server.

I inspected the job, and looked at the search.log. At the very end, there is this:

01-21-2013 23:57:37.331 INFO UserManager - Unwound user context: splunk-system-user -> NULL
01-21-2013 23:57:37.333 INFO DispatchCommand - Round Robin Threaded ProviderQueue: done reading from peer 'INDXR1'

Any ideas?

Reply
1 Solution
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎03-12-2013 08:18 AM

I have since changed jobs, and I had opened a support case. Nothing concrete from before I left there.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎03-12-2013 08:18 AM

I have since changed jobs, and I had opened a support case. Nothing concrete from before I left there.

0 Karma
Reply
Solved! Jump to solution

araitz
Splunk Employee
Splunk Employee
‎03-11-2013 10:46 PM

Did you open a support case? We probably need more information.

0 Karma
Reply
Get Updates on the Splunk Community!

Platform Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestIntroducing Splunk Edge Processor, simplified data ...

Enterprise Security Content Updates (ESCU) - New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 3 releases of new content via the Enterprise ...

Thought Leaders are Validating Your Hard Work and Training Rigor

As a Splunk enthusiast and member of the Splunk Community, you are one of thousands who recognize the value of ...