Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Highlighted

Why is there a slowness in the restart of Spunk components?

vinod50rao
New Member
‎05-18-2017 02:01 PM

Hi Team,

I'm seeing slowness in the restart of Splunk components. All my Forwarders, indexers and search heads are on Linux OS. I'm making Forwarders first down than indexers and in last search heads,

We are seeing restart latency with Forwarders, in the meantime i'm directly shutting down the machine not stopping any service first. will that make change. Please provide your expert comments.

Thanks!
Vinod Yadav.

0 Karma
Reply
Highlighted

Re: Why is there a slowness in the restart of Spunk components?

adonio
SplunkTrust
SplunkTrust
‎05-18-2017 02:53 PM

can you elaborate?
what is the reason for frequent restarts? can you see the console while restarting? any messages during restart?
how do you measure the slowness? how long does a forwarder restart takes? indexer? search head?

0 Karma
Reply
Highlighted

Re: Why is there a slowness in the restart of Spunk components?

esix_splunk
Splunk Employee
Splunk Employee
‎05-19-2017 12:45 AM

Depending on what the forwarder is doing, it can take some time to stop/restart. This is typically due to currently active file monitors and modular inputs running. The forwarder will try and clear the queues before it restarts, meaning it will try and wait till and EOF / end of event before stopping the splunkd process. Similar is true on indexers, they will try and wait till search jobs have completed and indexing queues have emptied.

0 Karma
Reply