Quantcast
Viewing all articles
Browse latest Browse all 1551

Why does splunkd_access.log burst events on our Unix universal forwarder for no reason, using up 17% CPU?

July 13, 2016, 10:36 am
$
0
0
Hi, I've set up a Unix universal forwarder to monitor text-based files on a system. I always thought forwarders have a small footprint, but my forwarder currently eats up 17% of the CPU of the machine it's installed on. I checked everything and found something weird. Splunkd_access.log writes approx. 2 MB of data every second. Splunkd_access.log rolls about every two minutes. Splunk-Forwarder-Version: 6.4.1 Splunkd_access.log shows the following constant output: -somedate- "POST /services/shcluster/member/consensus/pseudoid/raft_request_vote?output_mode=json HTTP/1.1" 401 71 - - - 0ms -somedate- "POST /services/shcluster/member/consensus/pseudoid/raft_request_vote?output_mode=json HTTP/1.1" 401 71 - - - 0ms -somedate- "POST /services/shcluster/member/consensus/pseudoid/raft_request_vote?output_mode=json HTTP/1.1" 401 71 - - - 0ms -somedate- "POST /services/shcluster/member/consensus/pseudoid/raft_request_vote?output_mode=json HTTP/1.1" 401 71 - - - 0ms -somedate- "POST /services/shcluster/member/consensus/pseudoid/raft_request_vote?output_mode=json HTTP/1.1" 401 71 - - - 0ms -somedate- "POST /services/shcluster/member/consensus/pseudoid/raft_request_vote?output_mode=json HTTP/1.1" 401 71 - - - 0ms -somedate- "POST /services/shcluster/member/consensus/pseudoid/raft_request_vote?output_mode=json HTTP/1.1" 401 71 - - - 0ms -somedate- "POST /services/shcluster/member/consensus/pseudoid/raft_request_vote?output_mode=json HTTP/1.1" 401 71 - - - 0ms -somedate- "POST /services/shcluster/member/consensus/pseudoid/raft_request_vote?output_mode=json HTTP/1.1" 401 71 - - - 0ms -somedate- "POST /services/shcluster/member/consensus/pseudoid/raft_request_vote?output_mode=json HTTP/1.1" 401 71 - - - 0ms While splunkd.log throws me this repeatedly: -somedate- INFO WatchedFile - Checksum for seekptr didn't match, will re-read entire file='/opt/splunkforwarder/var/log/splunk/splunkd_access.log'. -somedate- INFO WatchedFile - Will begin reading at offset=0 for file='/opt/splunkforwarder/var/log/splunk/splunkd_access.log'. ---------- Anyone here who has seen this strange behavior before? Thanks in advance! Best regards, pyro_wood
Search
Viewing all articles
Browse latest Browse all 1551

Trending Articles

VMOU RSCIT Result 2017, RSCIT Result VMOU rkcl.vmou.ac.in Name Wise

July 16, 2017, 9:40 pm

GTA 5 PPSSPP Zip File Download For Android Mediafire 382 MB

May 13, 2024, 1:10 pm

Black Angus Grilled Artichokes

July 16, 2016, 4:37 pm

Grimsby sex-swap teen Nicole beats the bullies

January 9, 2015, 11:55 pm

Moondru Mudichu 20-07-2016 – Polimer tv Serial

July 20, 2016, 9:25 am

Dove Cameron – Too Much – Single [iTunes Plus M4A]

February 20, 2025, 11:03 am

Throw Back: Kwaw Kese — Ma Kwan (Ft. Edem) Prod by Hammer

June 4, 2015, 4:10 pm

Outlook でメールを保存または送信時に...

April 6, 2018, 4:11 am

Sarah Samis, Emil Bove III

November 17, 2012, 9:36 pm

Stories • Goddess Stepmom

January 31, 2025, 1:10 pm

Chitown Wiseguy Cashed In His Chips In Winter Of ’20, Made Bones In Chicago...

June 5, 2020, 5:30 pm

Portable iSkysoft PDF Editor 5.6.0.1

July 3, 2016, 7:47 am

Mp3 Download: Mdu - Mazola

December 7, 2017, 8:15 am

Bureau of Internal Revenue: Regional Offices (Directory)

January 9, 2014, 11:06 pm

16 Girls Get Pregnant After A Boy Ejaculated In A Swimming Pool

February 12, 2016, 1:51 am

Zara Larsson – Midnight Sun [iTunes Plus M4V – Full HD]

June 25, 2025, 5:35 pm

New curfew for accused Brathwaite

May 5, 2020, 9:49 pm

Arris router not allowing access, "other local user already log in"

November 1, 2017, 1:00 pm

The 10 Washington Cities With The Largest Black Population For 2021

December 21, 2020, 10:13 am

Burbank Police Log: May 2 – May 8

May 20, 2022, 4:32 pm
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>