Splunk Universal Forwarder(9.1.1) consume a lot of...

Manami · ‎10-22-2023

I deployed splunk universal forwarder 9.1.1 on Linux servers which are running on VPC VSI in IBM Cloud.
Some servers are RHEL7 others are RHEL8. These servers send logs to Heavy Forwarder server.

After deployment, the memory usage was coming to high on each server and one of the server went down because of memory leak. CPU usage is also high as expected when the splunk process is running.

For example, one of the server's CPU usage increased 30% and consumed 5.7GB memory out of 14GB after the splunk process up.

How can I reduce the resource usage?

jbuckner85 · ‎11-17-2023

Hello @Manami ,

We are experiencing the same thing with Splunk Enterprise, Memory utilization on average went up ~30% and CPU load over 50% across the indexing tier when we moved to this version. I will let you know if anything is found with the recent case which was opened. Were you able to find the problem with the universal forwarder?

Splunk Universal Forwarder(9.1.1) consume a lot of CPU and memory

forwarder management

resource usage

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Are you a member of the Splunk Community?