All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What is the difference on using Splunk UI and Splunk APIs?

josefa123
Explorer
‎09-20-2015 05:54 PM

Hi. I have experienced and tested the Splunk UI for months and I have found out that it eats memory when I have too many concurrent searches and jobs running. I cannot eliminate these jobs because the infrastructure that I am working on needs to have many real time searches. I need your help guys to decide whether I need to build my own app with Splunk as the middleware or the Splunk UI can handle all the work by itself. From what I have experienced on this past few months, the Splunk UI crashed and is not responding when there are loads of searches going on.

I am also wondering how does the other companies deploy splunk to their infra with many real time searches as well. If you guys can share me some then it will be so much appreciated.

0 Karma
Reply

muebel
SplunkTrust
SplunkTrust
‎10-04-2015 03:15 PM

I wouldn't expect that there is any fundamental difference between the api, and searches executed through the web interface. Ultimately they both end up as jobs running through the Splunk scheduler.

If you are having crashing issues, I would open a Splunk support case. Otherwise, Splunk scales out horizontally, and so you should continue to add search heads (in a cluster) as the concurrent search load increases.

0 Karma
Reply

pradeepkumarg
Influencer
‎09-20-2015 07:54 PM

did you consider scaling your architecture? adding more search heads, indexers? You will have to give more details on your architecture and what you are trying to achieve for the forum to help you better.

0 Karma
Reply

josefa123
Explorer
‎09-20-2015 08:52 PM

I only have one indexer which is a linux server with 12gb of RAM but still crashes when there are many real time searches on going. We have tried to test it with 3 simultaneous users but it freezes. We are targeting to monitor 600+ machines deployed remotely real time. What am I asking here is that is there are significant difference in performance if we are going to build and just use splunk APIs rather than the GUI or it doesnt have much difference at all? Another one is that if we will use Splunk APIs, does it count as a search job just like the search queries in Splunk GUI? Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...