Monitoring Splunk

Splunk Universal Forwarder(9.1.1) consume a lot of CPU and memory

Manami
New Member

I deployed splunk universal forwarder 9.1.1 on Linux servers which are running on VPC VSI in IBM Cloud.
Some servers are RHEL7 others are RHEL8. These servers send logs to Heavy Forwarder server.

After deployment, the memory usage was coming to high on each server and one of the server went down because of memory leak. CPU usage is also high as expected when the splunk process is running.

For example, one of the server's CPU usage increased 30% and consumed 5.7GB memory out of 14GB after the splunk process up.

How can I reduce the resource usage?

Labels (2)
0 Karma

jbuckner85
Path Finder

Hello @Manami ,

We are experiencing the same thing with Splunk Enterprise, Memory utilization on average went up ~30% and CPU load over 50% across the indexing tier when we moved to this version. I will let you know if anything is found with the recent case which was opened. Were you able to find the problem with the universal forwarder?

 

0 Karma
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Deprecation of Splunk Observability Kubernetes “Classic Navigator” UI starting ...

Access to Splunk Observability Kubernetes “Classic Navigator” UI will no longer be available starting January ...

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...