<span class="pill kill-chain">CPU_0_AVX</span>
<span class="pill kill-chain">CPU_0_AVX2</span>
<span class="pill kill-chain">CPU_0_AVX_VNNI</span>
<span class="pill kill-chain">CPU_0_BMI2</span>
<span class="pill kill-chain">CPU_0_F16C</span>
<span class="pill kill-chain">CPU_0_FMA</span>
<span class="pill kill-chain">CPU_0_LLAMAFILE</span>
<span class="pill kill-chain">CPU_0_SSE3</span>
<span class="pill kill-chain">CPU_0_SSSE3</span>
<span class="pill kill-chain">CPU_1_LLAMAFILE</span>
<span class="pill kill-chain">CUDA_0_ARCHS</span>
<span class="pill kill-chain">CUDA_0_PEER_MAX_BATCH_SIZE</span>
<span class="pill kill-chain">CUDA_0_USE_GRAPHS</span>
<span class="pill kill-chain">LOG</span>
<span class="pill kill-chain">OS</span>
<span class="pill kill-chain">app</span>
<span class="pill kill-chain">args</span>
<span class="pill kill-chain">available</span>
<span class="pill kill-chain">bundle</span>
<span class="pill kill-chain">cmd</span>
<span class="pill kill-chain">compiler</span>
<span class="pill kill-chain">compute</span>
<span class="pill kill-chain">cores</span>
<span class="pill kill-chain">count</span>
<span class="pill kill-chain">date_hour</span>
<span class="pill kill-chain">date_mday</span>
<span class="pill kill-chain">date_minute</span>
<span class="pill kill-chain">date_month</span>
<span class="pill kill-chain">date_second</span>
<span class="pill kill-chain">date_wday</span>
<span class="pill kill-chain">date_year</span>
<span class="pill kill-chain">date_zone</span>
<span class="pill kill-chain">dest</span>
<span class="pill kill-chain">driver</span>
<span class="pill kill-chain">efficiency</span>
<span class="pill kill-chain">env</span>
<span class="pill kill-chain">eventtype</span>
<span class="pill kill-chain">free</span>
<span class="pill kill-chain">free_swap</span>
<span class="pill kill-chain">gpus</span>
<span class="pill kill-chain">host</span>
<span class="pill kill-chain">http_d</span>
<span class="pill kill-chain">http_method</span>
<span class="pill kill-chain">http_path</span>
<span class="pill kill-chain">http_pattern</span>
<span class="pill kill-chain">http_response_code</span>
<span class="pill kill-chain">http_status</span>
<span class="pill kill-chain">id</span>
<span class="pill kill-chain">index</span>
<span class="pill kill-chain">installer</span>
<span class="pill kill-chain">interval</span>
<span class="pill kill-chain">layers_model</span>
<span class="pill kill-chain">layers_offload</span>
<span class="pill kill-chain">layers_requested</span>
<span class="pill kill-chain">layers_split</span>
<span class="pill kill-chain">level</span>
<span class="pill kill-chain">library</span>
<span class="pill kill-chain">linecount</span>
<span class="pill kill-chain">maxEfficiencyClass</span>
<span class="pill kill-chain">memory_available</span>
<span class="pill kill-chain">memory_gpu_overhead</span>
<span class="pill kill-chain">memory_graph_full</span>
<span class="pill kill-chain">memory_graph_partial</span>
<span class="pill kill-chain">memory_required_allocations</span>
<span class="pill kill-chain">memory_required_full</span>
<span class="pill kill-chain">memory_required_kv</span>
<span class="pill kill-chain">memory_required_partial</span>
<span class="pill kill-chain">memory_weights_nonrepeating</span>
<span class="pill kill-chain">memory_weights_repeating</span>
<span class="pill kill-chain">memory_weights_total</span>
<span class="pill kill-chain">model</span>
<span class="pill kill-chain">msg</span>
<span class="pill kill-chain">name</span>
<span class="pill kill-chain">overhead</span>
<span class="pill kill-chain">package</span>
<span class="pill kill-chain">parallel</span>
<span class="pill kill-chain">port</span>
<span class="pill kill-chain">punct</span>
<span class="pill kill-chain">request</span>
<span class="pill kill-chain">request_id</span>
<span class="pill kill-chain">required</span>
<span class="pill kill-chain">response_time_ms</span>
<span class="pill kill-chain">source</span>
<span class="pill kill-chain">sourcetype</span>
<span class="pill kill-chain">splunk_server</span>
<span class="pill kill-chain">status</span>
<span class="pill kill-chain">threads</span>
<span class="pill kill-chain">threshold</span>
<span class="pill kill-chain">time</span>
<span class="pill kill-chain">timeendpos</span>
<span class="pill kill-chain">timestartpos</span>
<span class="pill kill-chain">tool_count</span>
<span class="pill kill-chain">total</span>
<span class="pill kill-chain">variant</span>
<span class="pill kill-chain">vendor_product</span>
<span class="pill kill-chain">version</span>
</div>
Data Source: Ollama Server
Description
Ollama server logs (HTTP access logs via GIN framework and system logs including GPU/CPU utilization, model loading, memory allocation, errors, and warnings) via Splunk TA-ollama add-on by configuring file monitoring inputs to your log directories (sourcetype: ollama:server), or enable HEC for real-time API telemetry and prompt analytics (sourcetypes: ollama:api, ollama:prompts). TA available in Splunkbase
Details
| Property | Value |
|---|---|
| Source | server.log |
| Sourcetype | ollama:server |
Related Detections
Supported Apps
- TA-ollama (version 0.1.5)
Event Fields
Fields
Example Log
1time=2025-10-02T14:46:19.789-04:00 level=INFO source=server.go:544 msg=offload library=cuda layers.requested=-1 layers.model=29 layers.offload=29 layers.split=[29] memory.available="[6.9 GiB]" memory.gpu_overhead="0 B" memory.required.full="3.1 GiB" memory.required.partial="3.1 GiB" memory.required.kv="448.0 MiB" memory.required.allocations="[3.1 GiB]" memory.weights.total="1.9 GiB" memory.weights.repeating="1.6 GiB" memory.weights.nonrepeating="308.2 MiB" memory.graph.full="256.5 MiB" memory.graph.partial="570.7 MiB"
Source: GitHub | Version: 2