Skip to content

Commit a8cd3b8

Browse files
MrM8BRHMrM8BRH
authored
Update Splunk Deployment.md
1 parent 5c23767 commit a8cd3b8

File tree

1 file changed

+14
-9
lines changed

1 file changed

+14
-9
lines changed

Splunk Deployment/Splunk Deployment.md

Lines changed: 14 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -416,7 +416,10 @@ Wants=network-online.target
416416
[Service]
417417
Type=simple
418418
Restart=always
419-
ExecStart=/opt/splunk/bin/splunk _internal_launch_under_systemd
419+
#ExecStart=/opt/splunk/bin/splunk _internal_launch_under_systemd
420+
ExecStart=/opt/splunk/bin/splunk _internal_launch_under_systemd \
421+
--nodaemon \
422+
--env SPLUNK_IGNORE_SYSTEMD_OPENSSL=1
420423
KillMode=mixed
421424
KillSignal=SIGINT
422425
TimeoutStopSec=360
@@ -443,8 +446,9 @@ Validate the systemd unit file syntax
443446
```
444447
systemd-analyze verify /etc/systemd/system/Splunkd.service
445448
```
446-
Reload systemd configuration to apply changes
449+
Clean systemd environment
447450
```
451+
systemctl daemon-reexec
448452
systemctl daemon-reload
449453
```
450454
Enable Splunkd to start at boot and start the service immediately
@@ -479,7 +483,7 @@ chmod -R u+rwX /opt/splunk/var
479483
[settings]
480484
max_upload_size = 2048
481485
enableSplunkWebSSL = true
482-
splunkdConnectionTimeout = 3000
486+
splunkdConnectionTimeout = 600
483487
```
484488
</details>
485489

@@ -497,30 +501,30 @@ In the [limits.conf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/L
497501
* `nano /opt/splunk/etc/system/local/limits.conf`
498502
```
499503
[default]
500-
max_mem_usage_mb = 12288
504+
max_mem_usage_mb = 24576
501505
502506
[searchresults]
503-
maxresultrows = 200000
507+
maxresultrows = 100000
504508
505509
# The maximum number of concurrent historical searches in the search head.
506510
total_search_concurrency_limit = auto
507511
508512
# The base number of concurrent historical searches.
509-
base_max_searches = 8
513+
base_max_searches = 24
510514
511515
# Max real-time searches = max_rt_search_multiplier x max historical searches.
512-
max_rt_search_multiplier = 3
516+
max_rt_search_multiplier = 1
513517
514518
# The maximum number of concurrent historical searches per CPU.
515-
max_searches_per_cpu = 16
519+
max_searches_per_cpu = 2
516520
517521
[scheduler]
518522
# The maximum number of searches the scheduler can run, as a percentage
519523
# of the maximum number of concurrent searches.
520524
max_searches_perc = 75
521525
522526
# Fraction of concurrent scheduler searches to use for auto summarization.
523-
auto_summary_perc = 75
527+
auto_summary_perc = 50
524528
```
525529
These adjustments should be aligned with our system requirements and available resources.
526530
</details>
@@ -1073,3 +1077,4 @@ sourcetype = fs_notification
10731077

10741078

10751079

1080+

0 commit comments

Comments
 (0)