Health Check: Minimum System Requirements for Indexers

ahadghani
Engager

We are receiving messages about how our indexers (distributed environment) don't meet the minimum system requirements, but after taking a further look at Splunk's reference hardware documentation (https://docs.splunk.com/Documentation/Splunk/8.1.1/Capacity/Referencehardware) I still can't seem to figure out where we are lacking.

The message that I'm referring to is the following:

"Health Check: Splunk server "server_name" does not meet the recommended minimum system requirements."

This is currently what we're using for all three indexers:

64-bit Linux, 16 CPU cores, and 15.66 RAM.

If anyone could provide some guidance on this matter that would be greatly appreciated! 

0 Karma

aagro
Path Finder

I encountered the same problem after ES (7.3.0) installation, and what Giuseppe says is correct about the RAM.
To avoid the issue, edit the alert "Audit - ES System Requirements" on the ES SH and adjust the RAM value.
Splunk expects 32000MB RAM in the check, but your system can report 31750MB as 32GB RAM.

Regards,

Antonio

0 Karma

gcusello
SplunkTrust

Hi @ahadghani,

are you using the ES?

I found the same problem in one of my projects: Reference Hardware for Indexers with ES is 16 GB of RAM and I had 16 GB, but the health check is done on available memory that's a little less than 16 GB (in my case 15.88, in your case 15.66).

You have three solutions:

  • disabling the health check (I'd avoid!),
  • adding 1 GB of RAM (the best if possible),
  • modifying the health check search (the last choice), reducing the threshold to 15.50.

In my project I had a physical Indexer so it wasn't possible to add RAM, so I modified the health check search.

Ciao.

Giuseppe
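
The gap described in the answers above can be measured on each indexer before touching the alert. This is an added example, not part of the original posts and not Splunk's own health-check search: it parses `/proc/meminfo` and compares the kernel's `MemTotal` with the nominal 16 GB and the 15.50 threshold from the thread. The sample values are constructed, the function names are hypothetical, and it assumes the check compares the same figure in GiB, which the thread does not confirm.

```python
import os
import re

# Constructed sample of /proc/meminfo from a host sold as "16 GB" (values invented).
SAMPLE_MEMINFO = """\
MemTotal:       16420840 kB
MemFree:         1203344 kB
MemAvailable:    9820112 kB
"""


def mem_total_kib(meminfo_text):
    """Return MemTotal in KiB (the kernel labels the unit 'kB')."""
    m = re.search(r"^MemTotal:\s+(\d+)\s+kB$", meminfo_text, re.MULTILINE)
    if not m:
        raise ValueError("MemTotal line not found")
    return int(m.group(1))


def evaluate(meminfo_text, nominal_gb, threshold_gb):
    """Compare the memory the OS reports with the nominal size and a threshold.

    MemTotal excludes memory reserved by firmware and the kernel image, so it
    is always somewhat below the installed amount.
    """
    total_gib = mem_total_kib(meminfo_text) / (1024 * 1024)
    return {
        "reported_gib": round(total_gib, 2),
        "shortfall_gib": round(nominal_gb - total_gib, 2),
        "passes_nominal": total_gib >= nominal_gb,
        "passes_threshold": total_gib >= threshold_gb,
    }


if __name__ == "__main__":
    # Use the live file on Linux, otherwise fall back to the constructed sample.
    path = "/proc/meminfo"
    text = open(path).read() if os.path.exists(path) else SAMPLE_MEMINFO
    # 16 = reference value quoted in the thread, 15.50 = the lowered threshold.
    for key, value in evaluate(text, nominal_gb=16, threshold_gb=15.50).items():
        print(f"{key}: {value}")
```

A host that fails `passes_nominal` but clears `passes_threshold` is in the situation the thread describes: correctly sized hardware flagged only because of reserved memory.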
