Splunk Enterprise Security
Highlighted

The dreadded does not meet the recommended minimum system requirement — but I do...So???

I have an Enterprise Security search head with 44 Physical Cores and 32GB RAM( reporting as 30.92GB) I am getting the message still even though the server meets the criteria.

Here is the search string for this check, found in savedsearchs.conf

search                               = | rest splunk_server=* count=0 /services/server/info
 | eval numberOfVirtualCores=if(isnum(numberOfVirtualCores) AND numberOfVirtualCores>0,numb
erOfVirtualCores,null()) | where ((server_roles="search_head" AND (max(numberOfCores,number
OfVirtualCores)<16 OR physicalMemoryMB<32000)) OR (server_roles="indexer" AND (max(numberOf
Cores,numberOfVirtualCores)<16 OR physicalMemoryMB<32000))) | fields + splunk_server,server
_roles,numberOfCores,numberOfVirtualCores,physicalMemoryMB

should i edit this to physicalMemoryMB<30000 to resolve this?

0 Karma