Splunk newbie here,
I've installed Splunk onto a small ubuntu VM (512MB RAM and 20GB disk space) This should be OK because my data is very small.
I'm able to run the search sourcetype=accounts_made and it returns the results for all time very quickly. However if I try and pipe the results to a timechart; sourcetype=accounts_made | timechart max(accounts) I receive the error std::bad_alloc The search job has failed due to an error. You may be able view the job in the Job Inspector. Even if I try and plot the results for the past 15 minutes it gives up immediately.
Any advice would be appreciated!
Edit: Running the search in Verbose mode seems to work, however I can't make any dashboard panels because they always show the error above.
This is just Out of memory error, sorry.
Read this page http://docs.splunk.com/Documentation/Splunk/6.2.1/Installation/Systemrequirements - you just have to have 1GB RAM.
Its because you are running it in fast mode . Change it to verbose mode will resolve you problem.
This is just Out of memory error, sorry.
Read this page http://docs.splunk.com/Documentation/Splunk/6.2.1/Installation/Systemrequirements - you just have to have 1GB RAM.
hi, that's the same conclusion i also came to. (had splunk running on a VM with 512Mb)
any clues on this?
I'm running into the same issue...
@Stabbles - Can you view it in the job inspector and share a screenshot please
Here you go Mark,