Our Splunk server stopped by itself two days in a row.
I am trying to find the reason but I cannot find anything related in /opt/splunk/var/log/splunk.
Could someone please advise where I should be looking for the related logs?
As it turned out, there was a kernel out-of-memory error.
We are running version 7.2.5 on 12 GB RAM.
I am wondering what we can do about that.
I will try to limit the number of records in alert searches since we have them running all the time.