Solved: What does slow reverse dns lookup warning mean in ...

mataharry · ‎08-27-2014

I found this in my splunkd.log
and It seems linked to the setting rdnsMaxDutyCycle in limits.conf
I assume that it triggers when my reverse dns resolution takes too long.

what is too long, and what is the base value used to compare ?

8-27-2014 12:51:28.048 +0800 WARN TcpInputConfig - reverse dns lookups appear to be excessively slow, this may impact receiving from network inputs. 66.688940 % time is greater than configured rdnsMaxDutyCycle=10 %. Current lookup: host::XX.XX.XX.XX

hsrawat · ‎08-27-2014

It means if dns lookup take more than rdnsMaxDutyCycle % ( default 10% ) time of 15 sec then the log will appear. In this case dns lookup took 66.688940 % of 15 sec ( almost more than 10 sec).

View solution in original post

hsrawat · ‎08-27-2014

It means if dns lookup take more than rdnsMaxDutyCycle % ( default 10% ) time of 15 sec then the log will appear. In this case dns lookup took 66.688940 % of 15 sec ( almost more than 10 sec).

hsrawat · ‎08-27-2014

That's internal to splunk.

mataharry · ‎08-27-2014

where do you bring this 15seconds from ?

sylim_splunk · ‎12-02-2015

It is from hard-coded one unfortunately

What does slow reverse dns lookup warning mean in splunkd.log?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!