The dreadded does not meet the recommended minimum...

Splunk Enterprise Security

I have an Enterprise Security search head with 44 Physical Cores and 32GB RAM( reporting as 30.92GB) I am getting the message still even though the server meets the criteria.

Here is the search string for this check, found in savedsearchs.conf

search                               = | rest splunk_server=* count=0 /services/server/info
 | eval numberOfVirtualCores=if(isnum(numberOfVirtualCores) AND numberOfVirtualCores>0,numb
erOfVirtualCores,null()) | where ((server_roles="search_head" AND (max(numberOfCores,number
OfVirtualCores)<16 OR physicalMemoryMB<32000)) OR (server_roles="indexer" AND (max(numberOf
Cores,numberOfVirtualCores)<16 OR physicalMemoryMB<32000))) | fields + splunk_server,server
_roles,numberOfCores,numberOfVirtualCores,physicalMemoryMB

should i edit this to physicalMemoryMB<30000 to resolve this?

Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...

Are you a member of the Splunk Community?