Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Error:std::bad_alloc Whenever I try to visualize a search

Stabbles
Engager
‎02-12-2015 01:42 PM

Splunk newbie here,
I've installed Splunk onto a small ubuntu VM (512MB RAM and 20GB disk space) This should be OK because my data is very small.
I'm able to run the search sourcetype=accounts_made and it returns the results for all time very quickly. However if I try and pipe the results to a timechart; sourcetype=accounts_made | timechart max(accounts) I receive the error std::bad_alloc The search job has failed due to an error. You may be able view the job in the Job Inspector. Even if I try and plot the results for the past 15 minutes it gives up immediately.

Any advice would be appreciated!

Edit: Running the search in Verbose mode seems to work, however I can't make any dashboard panels because they always show the error above.

Reply
1 Solution
Solved! Jump to solution
Solution

lukasz92
Communicator
‎02-24-2015 02:47 AM

This is just Out of memory error, sorry.
Read this page http://docs.splunk.com/Documentation/Splunk/6.2.1/Installation/Systemrequirements - you just have to have 1GB RAM.

View solution in original post

Reply
Solved! Jump to solution

vivek_manoj
Explorer
‎09-07-2016 10:19 PM

Its because you are running it in fast mode . Change it to verbose mode will resolve you problem.

0 Karma
Reply
Solved! Jump to solution
Solution

lukasz92
Communicator
‎02-24-2015 02:47 AM

This is just Out of memory error, sorry.
Read this page http://docs.splunk.com/Documentation/Splunk/6.2.1/Installation/Systemrequirements - you just have to have 1GB RAM.

Reply
Solved! Jump to solution

zaphod1984
Path Finder
‎02-24-2015 03:44 AM

hi, that's the same conclusion i also came to. (had splunk running on a VM with 512Mb)

0 Karma
Reply
Solved! Jump to solution

zaphod1984
Path Finder
‎02-24-2015 12:30 AM

any clues on this?
I'm running into the same issue...

0 Karma
Reply
Solved! Jump to solution

markthompson
Builder
‎02-24-2015 12:51 AM

@Stabbles - Can you view it in the job inspector and share a screenshot please

0 Karma
Reply
Solved! Jump to solution

Stabbles
Engager
‎02-24-2015 12:59 AM

Here you go Mark,
alt text

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...