https://community.splunk.com/t5/Splunk-Search/How-do-I-find-a-list-of-scheduled-saved-searches-in-ES-specially/m-p/547267#M155164 <P>Thank u for your message. I am also getting red alerts for delayed searches. I searched on answers.splunk.com they all blame the high priority scheduled / saved searches. Your SPL did not find any in my environment. So How do I find the true cause of delayed searches from your point of view ( I know there are many factors incl. (CPU, RAM) etc. Please advise &amp; Thanks again.</P> Thu, 08 Apr 2021 20:34:17 GMT SamHTexas 2021-04-08T20:34:17Z https://community.splunk.com/t5/Splunk-Search/How-do-I-find-a-list-of-scheduled-saved-searches-in-ES-specially/m-p/547251#M155156 <P>How do I find a list of scheduled, saved searches in ES, specially the ones that run in real time? Can the Monitoring console be used for this purpose if yes, how please?</P> Thu, 08 Apr 2021 18:23:56 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-find-a-list-of-scheduled-saved-searches-in-ES-specially/m-p/547251#M155156 SamHTexas 2021-04-08T18:23:56Z https://community.splunk.com/t5/Splunk-Search/How-do-I-find-a-list-of-scheduled-saved-searches-in-ES-specially/m-p/547253#M155158 <P>The MC doesn't have that information.&nbsp; You can get it from the SH on which the search is scheduled.&nbsp; Go to Settings-&gt;Searches, reports, and alerts or search for&nbsp;</P><LI-CODE lang="markup">| rest /services/saved/searches | search is_scheduled=1</LI-CODE> Thu, 08 Apr 2021 18:36:07 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-find-a-list-of-scheduled-saved-searches-in-ES-specially/m-p/547253#M155158 richgalloway 2021-04-08T18:36:07Z https://community.splunk.com/t5/Splunk-Search/How-do-I-find-a-list-of-scheduled-saved-searches-in-ES-specially/m-p/547267#M155164 <P>Thank u for your message. I am also getting red alerts for delayed searches. I searched on answers.splunk.com they all blame the high priority scheduled / saved searches. Your SPL did not find any in my environment. So How do I find the true cause of delayed searches from your point of view ( I know there are many factors incl. (CPU, RAM) etc. Please advise &amp; Thanks again.</P> Thu, 08 Apr 2021 20:34:17 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-find-a-list-of-scheduled-saved-searches-in-ES-specially/m-p/547267#M155164 SamHTexas 2021-04-08T20:34:17Z https://community.splunk.com/t5/Splunk-Search/How-do-I-find-a-list-of-scheduled-saved-searches-in-ES-specially/m-p/547465#M155253 <P>As the risk of repeating myself, the cause of delayed searches is having to wait for other searches to complete.&nbsp; Search priorities are, in descending order: real-time, ad-hoc, scheduled, accelerations.</P><P>The Extended Search Reporting dashboard I referenced earlier (<A href="https://github.com/dpaper-splunk/public/blob/master/dashboards/extended_search_reporting.xml" target="_blank">https://github.com/dpaper-splunk/public/blob/master/dashboards/extended_search_reporting.xml</A>) presents information about your searches in various ways to help you identify problem spots.</P><P>Some focus points:</P><OL><LI>Abandon real-time searches.&nbsp; Really.&nbsp; You don't need them.&nbsp; Think you do?&nbsp; Well, you don't.</LI><LI>Get rid of searches you don't need.&nbsp; That report no one reads?&nbsp; Ditch it.</LI><LI>Make searches as efficient as possible so they finish as soon as possible. This reduces the wait time for other searches to start.</LI><LI>Set Schedule Window to "auto".</LI><LI>Adjust the start times for the searches so fewer of them try to run at once.&nbsp; There are 60 minutes in an hour - use them all.</LI></OL> Sat, 10 Apr 2021 00:10:27 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-find-a-list-of-scheduled-saved-searches-in-ES-specially/m-p/547465#M155253 richgalloway 2021-04-10T00:10:27Z