Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Identifying bottlenecks on indexers and search head

bruceclarke
Contributor
‎05-18-2014 03:09 PM

Hi all,

I've been tasked with detailing information about our Splunk indexer and search head machines that shows the need for increased machine performance. I know our instance of Splunk is "slow" multiple times throughout the day. Moreover, I know that the machines do not meet the recommended hardware requirements. Regardless, I need to display this information to the best of my ability.

In order to relay this information, I want to use Splunk on Splunk in order to show what happens to our indexers and search head when under heavy load. Does anyone have some good recommendations for how to objectively display this information using S.o.S.?

Thanks!

Tags (3)
0 Karma
Reply

grijhwani
Motivator
‎05-19-2014 05:58 AM

You don't mention which platform you are running on, but this sounds like a sysadmin/resource issue, not an application issue. If you are running on Linux or unix, I would recommending using the "sar" utilities to profile machine resource usage over time across your Splunk infrastructure. This will give you a starting view of the resources being used and should indicate where they are maxing out, be that processor, memory, or i/o. From that you can then work back to understanding the processes, and the causes of the resource exhaustion.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI! Discover how Splunk’s agentic AI ...

[Puzzles] Solve, Learn, Repeat: Dereferencing XML to Fixed-length events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...