If you are seeing `$SPLUNK_HOME/bin/splunkd instrument-resource-usage -p 8089` taking the CPU,
this may be related to SPL-133720, "splunkd instrument-resource-usage process uses one full CPU core after upgrade to 6.5.1 on Centos 5".
This is planned to be fixed in 6.5.3, but this is still subject to change by Splunk engineering.
Hello,
If by Sybase you mean the SAP (Sybase) Adaptive Enterprise database engine, it stores its audit logs in a table
in the auditdb database. It works almost like Splunk does with its log files: it rolls the table at a size, so you get audit_01 and so on,
depending on configuration.
You could use DB Connect to pull this data into Splunk.