Splunk newbie here,
I've installed Splunk onto a small ubuntu VM (512MB RAM and 20GB disk space) This should be OK because my data is very small.
I'm able to run the search sourcetype=accounts_made and it returns the results for all time very quickly. However if I try and pipe the results to a timechart; sourcetype=accounts_made | timechart max(accounts) I receive the error std::bad_alloc The search job has failed due to an error. You may be able view the job in the Job Inspector. Even if I try and plot the results for the past 15 minutes it gives up immediately.
Any advice would be appreciated!
Edit: Running the search in Verbose mode seems to work, however I can't make any dashboard panels because they always show the error above.
... View more