Yes, that looks valid for maximum searches than can be run by the Splunk scheduler. Note that you can adjust max_searches_per_cpu (although usually not a good idea). max_searches_perc could be adjusted up/down 10% etc. depending on whether the system will be running mostly scheduled searches/alerts vs. user adhoc searches.

Total Searches able to execute (scheduled and adhoc) would be:
SH1 = ((6+48) = 54 Max concurrente searches
SH2 =((6+16) = 22 Max concurrente searches
SH3 = ((6+12) = 18 Max concurrente searches

An latest question.

In the implemnattion I see this configuration by SH

limits.conf
max_historical_searches_per_cpu=4
base_max_searches = 6

then to this cluster will be:

max_historical_searches_per_cpu x number_of_cpus + base_max_searches
4*(40+16+12)+6 = 278
Or calculate one by one and after sum it?
4*40+6 =166
4*16+6= 70
4*12+6= 54
= 290
The results are differents

Well this configuration is wrong, but I dont have problems because the average of concurrent searches is the only 1.40

And , I see an ancient message on the splunkd.log, say:

05-09-2019 13:46:11.904 -0400 ERROR SHCMaster - Search not executed: The maximum number of historical concurrent system-wide searches has been reached. current=108 maximum=105 for search: admin;xxxxxxxxx
But I don´t how obtained this value: 105 ??

Thanks for your help, Now I have it more clear

When I pressed "submit" I just saw your Monitoring Console paragraph. 😄 Deleted my comment.

Skalli

hi, try again