Good morning. I am constantly getting the message:
One or more machines does not meet the recommended minimum system requirements. Review the documentation for details.
How do I get it to stop, regardless of my system requirements? This is very annoying and causes alarm to our Network Operations Center. Any advice is MUCH appreciated.
I'm not surprised your Network Operations Center is alarmed that their systems are below specification.
Splunk's minimum hardware requirements is pretty low, and there's a reason they exist. Below these numbers not only can performance suffer (obviously), but sometimes certain things just won't work. The Deployment Server is a great example: with a 2 core, 4 GB box, there are times you simply can't reload the deploy-server portion. It will simply fail and nothing in the error logs indicate specifically why, and it doesn't even appear to take long. Just total failure. Bump it up to specs, and it works fine.
If it is ES, there's a check that runs (or used to, it's probably still there though) called "Audit - ES System Requirements" in the Configuration Section of the Data Inputs that you coudl disable or modify. Otherwise, I'm not aware of anything. Support may be able to help.
I disabled this query/report and it gave me a wole new error. It looks like there is a script called /opt/splunk/etc/apps/SA-Utils/bin/configuration_check.py. can I just put an exit 0 at the begining?
Is it telling you in error? What spec are you not meeting?
As a Splunk support engineer, I would highly discourage you from messing with the scripts like that.
If your boxes are under spec'd, and you have an issue, the first thing we will do is tell you to get the boxes up to the minimum specs. Especially if you're running an application that is heavily dependent on box specifications such as Enterprise Security.
I have the same issue but it appears Splunk is not taking into consideration our hyper threaded cores. I thought running 6.3.x would fix this issue.
Incidentally, hyperthreaded cores will not offer a significant increase in real performance for splunk tasks commensurate to their quantity. The benefit is real, but not linear with hyperthread counts.
The error I am getting is as follows:
msg="A script exited abnormally" input="/opt/splunk/etc/apps/SA-Utils/bin/configurationcheck.py" stanza="configurationcheck://confcheckessystem_requirements" status="exited with code 3"
I am even more confused as I reenabled the check I had diabled in Alerts and reports. Iis called "Audit - ES System Requirements" .
Any help is much appreciated!
Whatever app SA-Utils is, redownload it (or grab your existing copy of it), unzip/untar it, take a copy of your configuration_check.py and copy it back into place, then restart splunk. You probably oopsed a typo into it, but that should fix it.
Rich - I never modified the script at all - just disabled it in Splunk apps?!?!?