All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is there a way to generate a graph / chart that shows performance of scheduler?

neerajs_81
Builder
‎04-26-2023 12:33 AM

hi, is there a way to generate a graph / chart that shows performance of Scheduler ?
We are using Splunk Enterprise Security and there is an App available called "Cloud Monitoring console" which shows stuff like "Skipped Searches" , "Scheduler Activity" etc but not quite what we are looking for.

We would like to see how many searches were kicked off ( as in dispatched)  every hour or every 30 mins, kind of plot run time of searches .  End goal is to identify if we have too many searches running at a particular time slot n so on.


Labels (1)
Labels
Tags (1)
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎04-26-2023 01:53 AM

Hi

You could start e.g. with this

index=_audit action IN (search, rtsearch, accelerate_search)
| timechart count by info

r. Ismo 

Reply

neerajs_81
Builder
‎04-26-2023 02:40 AM

i ran your search , not sure i understand the result set.  How is this related to scheduler activity and
What do the different values of "info" mean  as shown below ?  To make it simple, is there a way to restrict this data based on the app : SplunkEnterpriseSecurity ? 

neerajs_81_0-1682501959691.png

 

0 Karma
Reply
Get Updates on the Splunk Community!

The All New Performance Insights for Splunk

Splunk gives you amazing tools to analyze system data and make business-critical decisions, react to issues, ...

Good Sourcetype Naming

When it comes to getting data in, one of the earliest decisions made is what to use as a sourcetype. Often, ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...