The monitor input cannot produce data because splu...

abazgwa21cz · ‎01-12-2023

I have and issues with red status : The monitor input cannot produce data because splunkd's processing queues are full. This will be caused by inadequate indexing or forwarding rate, or a sudden burst of incoming data.

i check in Indexing Performance: Instance and almost field had 100%

and when i check CPU and memory used and license used it had alot space

so how can i find the issues and can i fix this problem

PickleRick · ‎01-12-2023

The logical thing to do would be to check your IO saturation.

abazgwa21cz · ‎01-12-2023

how can i check that ?

PickleRick · ‎01-12-2023

iostat/iotop/vmstat, your hardware monitoring tools

Work with your infrastructure team.

The monitor input cannot produce data because splunkd's processing queues are full, what do I do to solve this?

error

resource usage

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

May 2026 Splunk Expert Sessions: Security & Observability

Network to App: Observability Unlocked [May & June Series]

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Join the Conversation