System responding slow and high memory use in the presence of Splunk
Last Modified: 2023-01-17 21:17:21 Etc/GMT
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Technical Articles ID:
KB95259
Environment
Endpoint Security (ENS) Threat Prevention 10.x
Splunk Enterprise
Splunk Forwarder
Summary
Splunk makes heavy use of the disk. When an antimalware product is also present, this disk activity has a greater impact on the system, and you observe high memory and CPU use.
Problem
You observe high memory, high disk, and high CPU use with Splunk in the presence of ENS Threat Prevention.
Cause
Splunk requires ample disk I/O bandwidth to perform indexing tasks. Disk write operations in particular are intensive. These disk writes can clash with any product that installs a driver that sits between Splunk Enterprise and the operating system, for example, antimalware on-access scan software.
Solution
When you run Splunk (Enterprise or Forwarder) on a system with ENS Threat Prevention installed, we strongly recommend that you exclude the following from on-access scanning: