Splunk Enterprise Security

Why does the Splunk App for Enterprise Security trigger audit warnings about system requirements in a virtualized environment?

mbarrie_splunk
Splunk Employee
Splunk Employee

In the Splunk App for Enterprise Security on Splunk Cloud, there is a frequent message that the systems don't meet the minimum requirements for Splunk. The message keeps popping up periodically, even on instances that have plenty of memory and Virtual CPUs.

The actual error message is:
One or more machines does not meet the minimum system requirements

1 Solution

mbarrie_splunk
Splunk Employee
Splunk Employee

Under Data Inputs->Configuration Checker there is a check that periodically runs the "Audit - ES System Requirements" search. On a virtual system this check will often fail since the number of physical CPU's returned by the REST call in the search is 1. The number of virtual cores, not reflected in the REST call, could be sufficient.

I disabled the configuration check to make the messages go away.

View solution in original post

mbarrie_splunk
Splunk Employee
Splunk Employee

Under Data Inputs->Configuration Checker there is a check that periodically runs the "Audit - ES System Requirements" search. On a virtual system this check will often fail since the number of physical CPU's returned by the REST call in the search is 1. The number of virtual cores, not reflected in the REST call, could be sufficient.

I disabled the configuration check to make the messages go away.

Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...