Monitoring Splunk

Splunk Universal Forwarder(9.1.1) consume a lot of CPU and memory

Manami
New Member

I deployed splunk universal forwarder 9.1.1 on Linux servers which are running on VPC VSI in IBM Cloud.
Some servers are RHEL7 others are RHEL8. These servers send logs to Heavy Forwarder server.

After deployment, the memory usage was coming to high on each server and one of the server went down because of memory leak. CPU usage is also high as expected when the splunk process is running.

For example, one of the server's CPU usage increased 30% and consumed 5.7GB memory out of 14GB after the splunk process up.

How can I reduce the resource usage?

Labels (2)
0 Karma

jbuckner85
Path Finder

Hello @Manami ,

We are experiencing the same thing with Splunk Enterprise, Memory utilization on average went up ~30% and CPU load over 50% across the indexing tier when we moved to this version. I will let you know if anything is found with the recent case which was opened. Were you able to find the problem with the universal forwarder?

 

0 Karma
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...