Solved: Error:std::bad_alloc Whenever I try to visualize a...

Stabbles · ‎02-12-2015

Splunk newbie here,
I've installed Splunk onto a small ubuntu VM (512MB RAM and 20GB disk space) This should be OK because my data is very small.
I'm able to run the search sourcetype=accounts_made and it returns the results for all time very quickly. However if I try and pipe the results to a timechart; sourcetype=accounts_made | timechart max(accounts) I receive the error std::bad_alloc The search job has failed due to an error. You may be able view the job in the Job Inspector. Even if I try and plot the results for the past 15 minutes it gives up immediately.

Any advice would be appreciated!

Edit: Running the search in Verbose mode seems to work, however I can't make any dashboard panels because they always show the error above.

lukasz92 · ‎02-24-2015

This is just Out of memory error, sorry.
Read this page http://docs.splunk.com/Documentation/Splunk/6.2.1/Installation/Systemrequirements - you just have to have 1GB RAM.

View solution in original post

vivek_manoj · ‎09-07-2016

Its because you are running it in fast mode . Change it to verbose mode will resolve you problem.

lukasz92 · ‎02-24-2015

This is just Out of memory error, sorry.
Read this page http://docs.splunk.com/Documentation/Splunk/6.2.1/Installation/Systemrequirements - you just have to have 1GB RAM.

zaphod1984 · ‎02-24-2015

hi, that's the same conclusion i also came to. (had splunk running on a VM with 512Mb)

zaphod1984 · ‎02-24-2015

any clues on this?
I'm running into the same issue...

markthompson · ‎02-24-2015

@Stabbles - Can you view it in the job inspector and share a screenshot please

Stabbles · ‎02-24-2015

Here you go Mark,

Error:std::bad_alloc Whenever I try to visualize a search

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!