Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

What could be the reason for a spike in CPU Usage in some indexers in a clustered environment?

nawazns5038
Builder
‎12-27-2018 12:22 PM

Hi,

I have a clustered environment and it runs smoothly, but sometimes, I see a spike in CPU Usage in some of the indexers up to 70 or 80%.

what would be the reason ?

For what purpose does a Splunk indexer use CPU and what is the ideal CPU usage in an indexer ?

Thanks

0 Karma
Reply

vinkumar_splunk
Splunk Employee
Splunk Employee
‎12-28-2018 03:08 AM

we need to isolate the reason why this could happen in indexer.

Are you using VMs? If not, check disk health and IOPS, e.g. with Bonnie++

Go to your master and take a look at the DMC, specifically Indexing -> Performance -> Indexing Performance: Instance (select affected indexer)

https://docs.splunk.com/Documentation/Splunk/6.6.2/Troubleshooting/Troubleshootindexingperformance

Create a support ticket with splunk if the above doesn't help

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎12-27-2018 05:01 PM

Have you correlated the CPU spikes with other activity, like scheduled searches, data model accelerations, etc? Perhaps you have a particularly inefficient or wide-ranging search that is causing the CPU usage.

Indexers use CPU to index data and conduct searches.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...