Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Error:std::bad_alloc Whenever I try to visualize a search

Stabbles
Engager
‎02-12-2015 01:42 PM

Splunk newbie here,
I've installed Splunk onto a small ubuntu VM (512MB RAM and 20GB disk space) This should be OK because my data is very small.
I'm able to run the search sourcetype=accounts_made and it returns the results for all time very quickly. However if I try and pipe the results to a timechart; sourcetype=accounts_made | timechart max(accounts) I receive the error std::bad_alloc The search job has failed due to an error. You may be able view the job in the Job Inspector. Even if I try and plot the results for the past 15 minutes it gives up immediately.

Any advice would be appreciated!

Edit: Running the search in Verbose mode seems to work, however I can't make any dashboard panels because they always show the error above.

Reply
1 Solution
Solved! Jump to solution
Solution

lukasz92
Communicator
‎02-24-2015 02:47 AM

This is just Out of memory error, sorry.
Read this page http://docs.splunk.com/Documentation/Splunk/6.2.1/Installation/Systemrequirements - you just have to have 1GB RAM.

View solution in original post

Reply
Solved! Jump to solution

vivek_manoj
Explorer
‎09-07-2016 10:19 PM

Its because you are running it in fast mode . Change it to verbose mode will resolve you problem.

0 Karma
Reply
Solved! Jump to solution
Solution

lukasz92
Communicator
‎02-24-2015 02:47 AM

This is just Out of memory error, sorry.
Read this page http://docs.splunk.com/Documentation/Splunk/6.2.1/Installation/Systemrequirements - you just have to have 1GB RAM.

Reply
Solved! Jump to solution

zaphod1984
Path Finder
‎02-24-2015 03:44 AM

hi, that's the same conclusion i also came to. (had splunk running on a VM with 512Mb)

0 Karma
Reply
Solved! Jump to solution

zaphod1984
Path Finder
‎02-24-2015 12:30 AM

any clues on this?
I'm running into the same issue...

0 Karma
Reply
Solved! Jump to solution

markthompson
Builder
‎02-24-2015 12:51 AM

@Stabbles - Can you view it in the job inspector and share a screenshot please

0 Karma
Reply
Solved! Jump to solution

Stabbles
Engager
‎02-24-2015 12:59 AM

Here you go Mark,
alt text

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...