Hi,
I have a clustered environment and it runs smoothly, but sometimes, I see a spike in CPU Usage in some of the indexers up to 70 or 80%.
what would be the reason ?
For what purpose does a Splunk indexer use CPU and what is the ideal CPU usage in an indexer ?
Thanks
we need to isolate the reason why this could happen in indexer.
Are you using VMs? If not, check disk health and IOPS, e.g. with Bonnie++
Go to your master and take a look at the DMC, specifically Indexing -> Performance -> Indexing Performance: Instance (select affected indexer)
https://docs.splunk.com/Documentation/Splunk/6.6.2/Troubleshooting/Troubleshootindexingperformance
Create a support ticket with splunk if the above doesn't help
Have you correlated the CPU spikes with other activity, like scheduled searches, data model accelerations, etc? Perhaps you have a particularly inefficient or wide-ranging search that is causing the CPU usage.
Indexers use CPU to index data and conduct searches.