Hi,
I'm writing here out of desperation. We're having significant performance issues with our Splunk environment. I'll share as much info as I can and welcome any input or suggestions greatly:
2 standalone search heads
- 1 ES
- 1 non-ES Searching and Reporting
7 indexers
2 heavy forwarders
~8000 UFs
All boxes are 20 cores and 48 GB RAM running Ubuntu and on ESX in a dedicated UCS farm with no overprovisioning. We're using shared Vmax storage for indexers and shared NIMBLE everywhere else.
All of our indexing and forwarding queues are 90+% filled and our indexing is hours and in some cases days behind.
We're struggling to identify the root cause. Any feedback is hugely appreciated.
Thank you in advance.