Splunk Enterprise Security

Splunk 6.2.3 consuming all the memory after installing Splunk app for Enterprise Security 3.3.0

Afef
Communicator

Hello,
I installed Splunk Enterprise 6.2.2 a month ago and it was running safely. Splunk had no issues. I installed the Splunk App for Enterprise Security 3.3.0 and updated Splunk Enterprise to version 6.2.3 two days ago. Yesterday Splunk had no problems. Today, Splunk consumed the entire memory (32 GB) and the whole machine went down. I restarted the Windows server and Splunk worked for 5 minutes, but consumed 100% of the memory again and the server went down. I verified the logs and I didn't find errors. I disabled all the scheduled searches and correlation searches, but this did not resolve the problem. Splunk goes down every 5 minutes, and Windows also, because Splunkd consumes the entire memory.
Any help please?

0 Karma

martin_mueller
SplunkTrust

ES on Windows is no fun at all.

0 Karma

mdessus_splunk
Splunk Employee

Windows is not fun at all 🙂

0 Karma

benjamin009
Explorer

Make sure the box is not indexing locally. Also make sure you are in a distributed environment. Make sure the ES server is only running a search head and KV store.

0 Karma

alacercogitatus
SplunkTrust

Unfortunately, most users here will not be able to help you, and the ones that can would need detailed information about your environment. When it comes to ES, my recommendation is to contact Splunk Support with a P1 ticket. This will get you the fastest resolution for your problem.

Afef
Communicator

Thank you for your answer. I sent a P1 ticket to support but they didn't help me, they transformed the P1 to P2...

I deleted the whole configuration of Splunk and I redeployed it. It is not the best solution, I know, but I had no other solution.

0 Karma