I just downloaded and installed splunk 4.1.4 and installed on WIN7 laptop. Upon reboot of my system, the CPU pegged at 100% for over 1/2 hour, causing my other apps and web browser problems. Task manager ID'ed the splunkd service as the culprit, it was consuming so much CPU the spunkweb service can not even start. upon manual start of the splunkweb, I could access my UI but of course very slow.
If I stop splunkd service my cpu and mem return to what I consider "normal" levels, even with splunkweb still running, but restart splunkd and BAM CPU peggs to 100% everytime.
Is there a way to limit CPU resources to splunk? I don't mind giving up some cpu resources, but if the thing is going to EAT my whole system resources, it is a worthless tool for me!
Since you are using Windows, you could use the built in Windows tools or something like ProcessExplorer to set the process priority of the splunk processes (splunkd, splunkweb) to a lower value and/or set their affinity to a single core.
Splunk 4.x is a different animal. More daemons running demand more CPU cycles. I ran version 3.x at home on a 900 MHz Linux box built from spare parts and it worked well. Upgraded it to 4.x and it is almost useless. A much beefier Solaris machine at work was slow and painful using version 3.x, but works amazingly well with version 4.1.x. New recommendations are for two 4-core CPUs.
Your laptop is simply too small for Splunk, even in a small test environment. You might try installing one of the older versions if all you're going to do is test drive Splunk. If you do that, realize you're not testing the current verion.
See this for suggested hardware capacity planning. http://www.splunk.com/base/Documentation/4.1.4/Installation/CapacityplanningforalargerSplunkdeployme...
This describes system requirements. http://www.splunk.com/base/Documentation/4.1.4/Installation/Systemrequirements
I have min requirements, but this is a personal (1 machine) use install
I've found that the first time Splunk is installed on a system, it uses more resources than normal. It's probably because it has to index EVERYTHING the first time around. After I let it run for a [long] while, it catches up and settles down.
For whatever it's worth...
I'll give this a try, if I remember I can fire up spunkweb & spunkd and let them run overnight... then see what the system is doing in the AM
What are the specs of your laptop with regards to CPU / memory?
The only reason I can think of off the top of my head that would cause so much CPU consumption is maybe the Windows App - you can try disabling the app and try again?
Brian
Woof, that's really not going to do much for you. Take a look at http://www.splunk.com/base/Documentation/latest/Installation/Systemrequirements
Acer Aspier5251 : AMD V12 2.2GHZ : 250GBHDD : 2GB RAM
Not a stellar config I know, but it would be nice to know when/if something funky or unauthorized is happening to the environment.