Activity Feed
- Got Karma for Re: CLI Splunk search huge memory amount. 08-03-2020 09:38 PM
- Got Karma for Why does the search process need so much memory for one simple query with the data for ONE(!) day?. 08-03-2020 09:38 PM
- Posted Re: CLI Splunk search huge memory amount on Reporting. 12-28-2019 12:41 PM
- Posted Re: CLI Splunk search huge memory amount on Reporting. 12-27-2019 08:45 AM
- Posted Re: CLI Splunk search huge memory amount on Reporting. 12-27-2019 07:51 AM
- Posted Why does the search process need so much memory for one simple query with the data for ONE(!) day? on Reporting. 12-27-2019 05:25 AM
- Tagged Why does the search process need so much memory for one simple query with the data for ONE(!) day? on Reporting. 12-27-2019 05:25 AM
- Tagged Why does the search process need so much memory for one simple query with the data for ONE(!) day? on Reporting. 12-27-2019 05:25 AM
- Tagged Why does the search process need so much memory for one simple query with the data for ONE(!) day? on Reporting. 12-27-2019 05:25 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 |
12-27-2019
08:45 AM
1 Karma
I'm sorry, but it is unsuitable. Why Splunk is collect data into memory instead of flush data to disk directly? I don't need something externally hard, just grab data.
What if I need to export data for one year? Should I do exports by an hour or maybe by the minute? It is not a problem, I can write a script, but it is an inappropriate solution.
This is a strong bug in my opinion.
... View more
12-27-2019
07:51 AM
@richgalloway You surprised me by this question. I only can check the day after and it is 4510739 strings. So, I would assume the amount of data on the problem day is the same.
... View more
12-27-2019
05:25 AM
1 Karma
Hello.
I'm using Splunk Enterprise 7.2.6 and I'm trying to export some data from past with command below:
/path/to/splunk search "index=my_index earliest=12/02/2018:00:00:00 latest=12/03/2018:23:59:00" -output rawdata -maxout 0 -auth user:password
My servers has 64Gb RAM and it almost free:
free -mg total used free shared buffers cached Mem: 62 2 60 0 0 0 -/+ buffers/cache: 1 61 Swap: 0 0 0
However, the search process eats all memory and killed by OOM.
Could someone explain to me why the search process needs so many memory for one simple query with the data for ONE(!) day?
... View more
