Splunk 6.2.3 consuming all the memory after instal...

Afef · ‎06-19-2015

Hello,
I installed Splunk Enterprise 6.2.2 a month ago and it was running safely. Splunk had no issues. I installed the Splunk App for Enterprise Security 3.3.0 and update Splunk Enterprise to 6.2.3 version two days ago. Yesterday Splunk had no problems. Today, Splunk consumed the entire memory (32 GB) and all the machine went down. I restarted the Windows server and Splunk worked for 5 minutes, but consumed 100% of the memory again and the server went down. I verified the logs and I didn't find errors. I disabled all the scheduled searches and correlation searches, but this did not resolve the problem. Splunk goes down every 5 minutes and Windows also because Splunkd consumes the entire memory.
Any help please ?

martin_mueller · ‎06-19-2015

ES on Windows is no fun at all.

mdessus_splunk · ‎06-24-2015

Windows in not fun at all 🙂

benjamin009 · ‎06-19-2015

Make sure the box is not indexing locally. Also make sure you are in a distributed environment. Make sure the ES server is only running a search head and KV store.

alacercogitatus · ‎06-19-2015

Unfortunately, most users here will not be able to help you, and the ones that can, would need detailed information about your environment. When it comes to ES, my recommendation is to contact Splunk Support with a P1 ticket. This will get you the fastest resolution for your problem.

Afef · ‎06-24-2015

Thank you for your answer. I sent a P1 ticket to support but they didn't help me, they transformed the P1 to P2...

I deleted the whole configuration of Splunk and i redeployed it. it is not the best solution, i know, but i had no other solution.

Splunk 6.2.3 consuming all the memory after installing Splunk app for Enterprise Security 3.3.0

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life