Hi, if the issue exists on Windows then it sounds like the general Memory leak problem we have since Feb. this year and Splunk isn't realizing it, it seems.  See here: https://community.splunk.com/t5/Splunk-Enterprise/Memory-leak-in-Windows-Versions-of-Splunk-Enterpri...

are you file monitoring? If you are, the issue has to do with the following:

• When using File monitoring input or folder monitoring input do not use recursive search or three dot notations (...) instead prefer to use non-recursive search or asterisk notation (*).
  • Example: [monitor:///home/*/.bash_history] is much better programmatically then [monitor:///home/.../.bash_history]
• When you must compulsorily use recursive search, then:
  • Make sure no. of total files under the main root directory you are searching is not huge.
  • Make sure there are no cyclic links that could cause Splunk to go into an infinite loop.

Well. Your screenshot shows... something. The only thing that I can try to deduce from it is that you're running your Splunk environment on Windows. (end event that is just a guess).

Anyway. CM - if it's not doing anything else - should have pretty constant memory usage determined by the size of your environment (number of indexers and buckets on those indexers). Of course it will start small and quite quickly build up memory usage as peers register with it and report their buckets but after that the memory usage growth should slow down significantly. If you have a constant linear growth... it might warrant a support case. Or you might simply have too small machine for your CM.

In the SH case though it's not that easy because it highly depends on activity - number of searches, the searches themselves, your users limits and so on. You could use monitoring console to see what your users are doing and what is consuming most memory.

Anyway, 12GB RAM is a minimum reference SH specification and it's very rarely enough. (and if you're using premium apps like ES or ITSI it's way below the recommended specs).