Deployment Architecture
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Identifying bottlenecks on indexers and search head

bruceclarke
Contributor
‎05-18-2014 03:09 PM

Hi all,

I've been tasked with detailing information about our Splunk indexer and search head machines that shows the need for increased machine performance. I know our instance of Splunk is "slow" multiple times throughout the day. Moreover, I know that the machines do not meet the recommended hardware requirements. Regardless, I need to display this information to the best of my ability.

In order to relay this information, I want to use Splunk on Splunk in order to show what happens to our indexers and search head when under heavy load. Does anyone have some good recommendations for how to objectively display this information using S.o.S.?

Thanks!

Tags (3)
0 Karma
Reply

grijhwani
Motivator
‎05-19-2014 05:58 AM

You don't mention which platform you are running on, but this sounds like a sysadmin/resource issue, not an application issue. If you are running on Linux or unix, I would recommending using the "sar" utilities to profile machine resource usage over time across your Splunk infrastructure. This will give you a starting view of the resources being used and should indicate where they are maxing out, be that processor, memory, or i/o. From that you can then work back to understanding the processes, and the causes of the resource exhaustion.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...