17. How can you troubleshoot Splunk performance issues?
- Check splunkd.log to find any errors
- Check server performance issues (CPU/memory usage, disk i/o, etc.)
- Check the number of saved searches that are running at present and also their system resources consumption.
- Install the SOS (Splunk on Splunk) app and see if the dashboard displays any warning or errors.
OR
- Go to DMC and resource usage and check the status
18. How to exclude some events from being indexed in splunk?
The debug messages in your application development cycle. You can exclude such debug messages by putting those events in the null queue. These null queues are put into transforms.conf at the forwarder level itself.
