Is there a way to generate a graph / chart that sh...

neerajs_81 · ‎04-26-2023

hi, is there a way to generate a graph / chart that shows performance of Scheduler ?
We are using Splunk Enterprise Security and there is an App available called "Cloud Monitoring console" which shows stuff like "Skipped Searches" , "Scheduler Activity" etc but not quite what we are looking for.

We would like to see how many searches were kicked off ( as in dispatched) every hour or every 30 mins, kind of plot run time of searches . End goal is to identify if we have too many searches running at a particular time slot n so on.

isoutamo · ‎04-26-2023

Hi

You could start e.g. with this

index=_audit action IN (search, rtsearch, accelerate_search)
| timechart count by info

r. Ismo

neerajs_81 · ‎04-26-2023

i ran your search , not sure i understand the result set. How is this related to scheduler activity and
What do the different values of "info" mean as shown below ? To make it simple, is there a way to restrict this data based on the app : SplunkEnterpriseSecurity ?

Is there a way to generate a graph / chart that shows performance of scheduler?

search

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7