After installing Splunk 6.4.1, splunkd is consumin...

s_mkonda · ‎10-24-2016

I am new to Splunk.

A week back, we have installed Splunk 6.4.1.
Now we see splunkd is consuming high CPU and memory, please help me to reduce swap usage

koshyk · ‎01-23-2017

Are you using SH cluster?
splunkd process in Indexer or SH, where are u finding high cpu?
Have you upgraded addons/apps?

shawngarrettsgp · ‎01-23-2017

No we are not using SHC yet in our multi-site deployment.
neither, this is on the Universal Forwarder side of a Windows client
In what context, recently since the issue occured? No, we updaded from 6.0.3 ->6.4.1 roughly ~7months ago or so. There has been various config changes from the UF side just some basic updates to Windows & Unix TA's.

skoelpin · ‎10-24-2016

I had the same issue using 6.4.1 forwarder except it was high CPU.. I opened a support case and they confirmed it was a bug in the 6.4.1 forwarder and recommended I use an older 6.3.6 forwarder

Case # 378231

tweaktubbie · ‎03-17-2017

Same question on which reference, I noticed Linux 6.3.3 UF works fine but our Wintel 6.4.1 UF gives sometimes unbelievable CPU load on quiet test servers. And wondering to which 6.4.x or 6.5.x is now the best option.

shawngarrettsgp · ‎01-23-2017

Have a reference by chance to the known bug?

After installing Splunk 6.4.1, splunkd is consuming high CPU and memory. How do I reduce this usage?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor