Solved: postfix and /var/spool/postfix/maildrop directory ...

robertlynch2020 · ‎02-03-2020

HI

My system admins are having issues with the Splunk server on the /var. They are saving it is heavily used. (ONLY in the day time does this look like it is happening!).

For example from 9:30 this morning we have written 600MB in 4 hours. SO they are having to clean it down etc..

We do have alerts, but not at this frequency, any idea what could be going on?

Thanks
Robert Lynch

robertlynch2020 · ‎02-04-2020

HI

Thanks for your replay, in the end we found the issue.
We have saved a PDF on a dashboard for cron 1 minutes (scheduled PDF delivery ), it was running non stop and caused this issue.

Regards
Robert Lynch

View solution in original post

robertlynch2020 · ‎02-04-2020

HI

Thanks for your replay, in the end we found the issue.
We have saved a PDF on a dashboard for cron 1 minutes (scheduled PDF delivery ), it was running non stop and caused this issue.

Regards
Robert Lynch

gfreitas · ‎02-03-2020

Could you provide more information? It is not clear if you're saying Splunk is causing the issue or postfix. Do you believe Splunk is sending e-mails to your local postfix and that is filling the disk?
You can check with the following search to see if Splunk is sending thousands of e-mails: index=_internal sendemail source="*python.log" and index=_internal sendemail source="*splunkd.log" to have an idea

robertlynch2020 · ‎02-04-2020

HI

Thanks for your replay, in the end we found the issue.
We have saved a PDF on a dashboard for cron 1 minutes (scheduled PDF delivery ), it was running non stop and caused this issue.

Regards
Robert Lynch

postfix and /var/spool/postfix/maildrop directory are having issues on my Splunk server

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!