Running Splunk alongside Windows anti-virus products
This documentation does not apply to the most recent version of Splunk.
When running Splunk on a Windows server that has an anti-virus product installed, such as McAfee's VirusScan, Splunk strongly recommends that you exclude both the splunkd.exe process and the %SPLUNK_HOME% directory from any kind of on-access scanning. Splunk requires a large amount of I/O bandwidth to perform indexing tasks, and can clash with any product that installs a driver that sits between Splunk and the operating system, including anti-virus on-access scanner drivers. Failing to exclude the Splunk processes and installation directory from these scans can lead to poor performance, including but not limited to unresponsive servers.
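One way to check and apply the two exclusions described above, as an added example that is not part of the original Splunk documentation. It assumes the anti-virus product is Microsoft Defender Antivirus (not named on this page), an elevated PowerShell session, and a fallback install path of `C:\Program Files\Splunk` when `SPLUNK_HOME` is not set; `Test-SplunkAvExclusion` is a hypothetical helper name.

```powershell
# Added example. Assumptions: Microsoft Defender Antivirus with the Defender
# module (Get-MpPreference / Add-MpPreference), run from an elevated session.
function Test-SplunkAvExclusion {
    param(
        # Fallback path is an assumption used only when SPLUNK_HOME is unset.
        [string]$SplunkHome = $(if ($env:SPLUNK_HOME) { $env:SPLUNK_HOME }
                                else { 'C:\Program Files\Splunk' })
    )
    $home_   = $SplunkHome.TrimEnd('\')
    $splunkd = Join-Path $home_ 'bin\splunkd.exe'
    $pref    = Get-MpPreference

    # Defender returns $null when no exclusions exist, so normalise to arrays.
    $paths = @(@($pref.ExclusionPath)    | Where-Object { $_ } |
               ForEach-Object { $_.TrimEnd('\') })
    $procs = @(@($pref.ExclusionProcess) | Where-Object { $_ })

    [pscustomobject]@{
        SplunkHome      = $home_
        Splunkd         = $splunkd
        PathExcluded    = $paths -contains $home_
        ProcessExcluded = [bool]($procs | Where-Object {
                              $_ -ieq $splunkd -or $_ -ieq 'splunkd.exe' })
        # Exclusions wider than the page asks for: a drive root or any parent
        # directory of SPLUNK_HOME leaves unrelated files unscanned.
        BroaderPaths    = @($paths | Where-Object {
                              $_ -ne $home_ -and
                              $home_.StartsWith($_ + '\',
                                  [StringComparison]::OrdinalIgnoreCase) })
    }
}

$state = Test-SplunkAvExclusion

# Add only what is missing, scoped to the Splunk directory and splunkd.exe.
if (-not $state.PathExcluded) {
    Add-MpPreference -ExclusionPath $state.SplunkHome
}
if (-not $state.ProcessExcluded) {
    Add-MpPreference -ExclusionProcess $state.Splunkd
}
if ($state.BroaderPaths.Count -gt 0) {
    Write-Warning ("Existing exclusions already cover a parent of SPLUNK_HOME: " +
                   ($state.BroaderPaths -join ', '))
}

Test-SplunkAvExclusion | Format-List
```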
This documentation applies to the following versions of Splunk: 4.1, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8