Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Saturati on of ev ent-pro cessing queues

khanlarloo
Explorer
‎06-12-2018 11:07 PM

hi
i have one problem,my splunk instance shows this messege in monitoring console -- > health check

Saturation of event-processing queues ------
One or more of the indexer queues on this instance is reporting an averaged fill percentage of 90 or more over the last 15 minutes. This might affect how quickly this instance indexes events.

can you tell me how can i solve my problem?

Tags (1)
0 Karma
Reply

mgaudie_splunk
Splunk Employee
Splunk Employee
‎06-13-2018 12:54 AM

Thanks for the context you provided in your comments khanlarloo. If the monitoring console is telling you that you have an indexing rate of 0 but your queues are full, this means either your disk is full, there's a hardware failure or you are out of memory.

Have a look at your workstation / server and make sure it hasn't run out of disk space or memory and that there hasn't been any other failure that would impact the operation of Splunk.

0 Karma
Reply

mgaudie_splunk
Splunk Employee
Splunk Employee
‎06-12-2018 11:21 PM

Can you share a couple of statistics on your indexing health, primarily your queue fill ratios and your indexing rate? These stats can be found in Monitoring Console > Indexing > Performance > Indexing Performance: Deployment

0 Karma
Reply

khanlarloo
Explorer
‎06-13-2018 12:04 AM

unfortunately it doesn't show any chart and is empty and it shows "no result found".
in Splunk Enterprise Data Pipeline every ques is 100.
index rate=0 status=normal fillratio=100

0 Karma
Reply

mgaudie_splunk
Splunk Employee
Splunk Employee
‎06-13-2018 12:16 AM

At the top of the Indexing Performance dashboard should be single indicators with "Total Indexing Rate" and "Average Indexing Rate" written beneath them. Are they not showing?

Also, how many indexers do you have? Only one, or is it a cluster?

0 Karma
Reply

khanlarloo
Explorer
‎06-13-2018 12:38 AM

no only one indexer,i have indexing overwie
it shows indexing rate that is 0 and the status that is normal, i don't have these items "Total Indexing Rate" and "Average Indexing Rate".

0 Karma
Reply

khanlarloo
Explorer
‎06-13-2018 01:12 AM

my disk and memory working good i don't have any issue aboute these,i see my metrics
it shows this :
6-13-2018 11:23:14.931 +0430 INFO Metrics - group=queue, name=indexqueue, blocked=true, max_size_kb=500, current_size_kb=499, current_size=971, largest_size=971, smallest_size=971

0 Karma
Reply

khanlarloo
Explorer
‎06-13-2018 02:13 AM

can you tell why my charts have no result?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...