Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

On solaris 10 x86, 32 bit, Splunk 3.4.x crashes with "Too many open files", even though ulimit is set to a large value, what gives?

rementis
Explorer
‎04-10-2010 04:53 PM

Splunk server crashing with Too many open files error in splunkd_stderr.log

Tags (1)
Reply

oreoshake
Communicator
‎04-13-2010 12:25 AM

edit /etc/security/limits.conf 

root    soft    nofile          250000
root    hard    nofile          250000

This will change the limit of open files, ulimit -n will show you the current setting

Reply

yannK
Splunk Employee
Splunk Employee
‎03-30-2012 12:10 PM

Depending of the system, you may have to change /etc/sysctl.conf and /etc/security/limits.conf
ulimit is not persistent after reboot.

http://splunk-base.splunk.com/answers/13313/how-to-tune-ulimit-on-my-server

0 Karma
Reply

rementis
Explorer
‎04-10-2010 04:55 PM

Switch to csh:

csh

Then issue this command:

% setenv LD_PRELOAD_32 /usr/lib/extendedFILE.so.1

This solution is for Solaris 10 x86.

See this page:

Workaround to stdio_s

Reply

jrodman
Splunk Employee
Splunk Employee
‎04-17-2010 01:26 AM

Do you have this problem on forwarders? I wouldn't expect so. You really should run your indexers on 64bit for performance reasons, avoiding the need for this workaround. However, it's a nice tip, thanks for sharing!

0 Karma
Reply
Get Updates on the Splunk Community!

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

Overwhelmed SOC? Splunk ES Has Your Back Tool sprawl, alert fatigue, and endless context switching are making ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us on ...