Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Any idea what is causing high memory usage in indexers?

Ashwini008
Builder
‎12-08-2022 02:53 AM

We have distributed environment with 4 Splunk Indexers which are consuming high memory . It reaches to 100% and remains unreachable until we restart splunkd service. Once restarted, memory comes down and the same process repeats on other indexers within a span of couple of hours.

64GB of Physical Memory is available on each indexer and saved searches/Scheduled searches are not consuming high memory. Unable to understand why there is spike in the memory usage. 

In DMC It shows,Splunkd server is using high Physical Memory usage by process class. PID keeps increasing as below. Please suggest how do i find the root cause for this issue and how to fix it

Ashwini008_1-1670496771812.png

 



Ashwini008_0-1670496350966.png

 

Labels (3)
Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎12-08-2022 03:23 AM

Hi @Ashwini008,

maybe, but anyway, open a Case to Splunk Support, they can find and hint how to solve the issue.

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution

ssanplunk
Path Finder
‎04-10-2025 02:20 AM

Hi.

If your splunk version is 9.1 or higher, please refer to the case below.
You can solve it by setting the option below in server.conf to false.
> https://splunk.my.site.com/customer/s/article/PreforkedSearchProcessException-can-t-launch-new-searc...

However, since the default setting is true, it is recommended to contact splunk support and decide.

[general]
enable_search_process_long_lifespan = false

0 Karma
Reply
Solved! Jump to solution

ssanplunk
Path Finder
‎03-26-2025 03:11 AM

Did you solve this problem?

I had the same symptoms and was wondering how you solved it.

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎12-08-2022 02:56 AM

Hi @Ashwini008,

there's no apparent reason because 64 GB RAM aren't sufficient for an Indexer.

open a Case to Splunk Support.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

Ashwini008
Builder
‎12-08-2022 03:04 AM

Hi @gcusello ,

 

We haven't faced this issue from past 4 years.We have been using the same specifications till now.

There is no increase in the indexing data. We recently copied splunk_home/var/lib/splunk data (this was backed up data) into 4 indexers , I also see that  there are excess buckets. Could this be an reason? 

Ashwini008_0-1670497277417.png

 

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎12-08-2022 03:23 AM

Hi @Ashwini008,

maybe, but anyway, open a Case to Splunk Support, they can find and hint how to solve the issue.

Ciao.

Giuseppe

Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎12-08-2022 10:45 PM

Hi @Ashwini008,

if one answer solves your need, please accept one answer for the other people of Community or tell us how we can help you.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...