Monitoring Splunk
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why is there a slowness in the restart of Spunk components?

vinod50rao
New Member
‎05-18-2017 02:01 PM

Hi Team,

I'm seeing slowness in the restart of Splunk components. All my Forwarders, indexers and search heads are on Linux OS. I'm making Forwarders first down than indexers and in last search heads,

We are seeing restart latency with Forwarders, in the meantime i'm directly shutting down the machine not stopping any service first. will that make change. Please provide your expert comments.

Thanks!
Vinod Yadav.

0 Karma
Reply

esix_splunk
Splunk Employee
Splunk Employee
‎05-19-2017 12:45 AM

Depending on what the forwarder is doing, it can take some time to stop/restart. This is typically due to currently active file monitors and modular inputs running. The forwarder will try and clear the queues before it restarts, meaning it will try and wait till and EOF / end of event before stopping the splunkd process. Similar is true on indexers, they will try and wait till search jobs have completed and indexing queues have emptied.

0 Karma
Reply

adonio
Ultra Champion
‎05-18-2017 02:53 PM

can you elaborate?
what is the reason for frequent restarts? can you see the console while restarting? any messages during restart?
how do you measure the slowness? how long does a forwarder restart takes? indexer? search head?

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...