Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is Splunk is crashing on my AIX system and getting "bad allocation" errors in the splunkd.log?

kserra_splunk
Splunk Employee
Splunk Employee
‎11-06-2014 12:48 PM

I just installed splunk on my AIX system and am seeing lots of crashes in the main tailing thread. Additionally I see lots of error messages in the splunkd.log about bad allocation

ERROR PropertiesMapConfig - Failed to save stanza /var/adm/sudo.log_Mon_Sep_22_16:37:27_2014_1998275973 to app learned: bad allocation

Are there any known configuration settings for AIX that need to be set ? I have splunk installed on non AIX system and it is functioning normally on those systems.

Reply
1 Solution
Solved! Jump to solution
Solution

jreuter_splunk
Splunk Employee
Splunk Employee
‎11-06-2014 12:56 PM

You should check your data segment size , ulimit -d to make sure that this is set inline with what splunk asks for. By default on AIX systems this is set too low and it can create issues for splunk. Usually when this happens you will see lots of bad allocation error messages in the logs that look like the following:

ERROR PropertiesMapConfig - Failed to save stanza /var/adm/sudo.log_Mon_Sep_22_16:37:27_2014_1998275973 to app learned: bad allocation

The data segment size (ulimit -d). With Splunk 4.2+, increase the value to at least 1 GB = 1073741824 bytes.

http://docs.splunk.com/Documentation/Splunk/6.1.3/Troubleshooting/ulimitErrors

View solution in original post

Reply
Solved! Jump to solution
Solution

jreuter_splunk
Splunk Employee
Splunk Employee
‎11-06-2014 12:56 PM

You should check your data segment size , ulimit -d to make sure that this is set inline with what splunk asks for. By default on AIX systems this is set too low and it can create issues for splunk. Usually when this happens you will see lots of bad allocation error messages in the logs that look like the following:

ERROR PropertiesMapConfig - Failed to save stanza /var/adm/sudo.log_Mon_Sep_22_16:37:27_2014_1998275973 to app learned: bad allocation

The data segment size (ulimit -d). With Splunk 4.2+, increase the value to at least 1 GB = 1073741824 bytes.

http://docs.splunk.com/Documentation/Splunk/6.1.3/Troubleshooting/ulimitErrors

Reply
Solved! Jump to solution

splunkIT
Splunk Employee
Splunk Employee
‎04-06-2016 12:36 PM

Recommendation: Minimum of 1G for Data segment (ulimit -d) and for Resident memory (ulimit -m)

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL  The Splunk AI Assistant for SPL ...

Buttercup Games: Further Dashboarding Techniques (Part 5)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Customers Increasingly Choose Splunk for Observability

For the second year in a row, Splunk was recognized as a Leader in the 2024 Gartner® Magic Quadrant™ for ...