Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Splunk REST interface slow

DavidHourani
Super Champion
‎07-21-2019 01:37 PM

Hi splunkers,

Im running a multisite clustered environment with SH clustering. When I'm on any SH running searches everything runs perfectly fine except when I try to run a REST command then it runs very slow. For example the search below even running locally takes ages when trying to hit any endpoint:

| rest /servicesNS/..... splunk_server=local

Any idea what could cause the rest endpoint to give slow results ? Has anyone had similar issues ? Splunk is running in the cloud..

Update: Same configuration seams to be working on prem with no problem. What could cause such slowness on AWS ?

Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

DavidHourani
Super Champion
‎11-04-2019 11:15 PM

Heavy load on LDAP auth requests was the source of the issue.

View solution in original post

Reply
Solved! Jump to solution
Solution

DavidHourani
Super Champion
‎11-04-2019 11:15 PM

Heavy load on LDAP auth requests was the source of the issue.

Reply
Solved! Jump to solution

effem
Communicator
‎11-05-2019 04:47 AM

It basically was the way Splunk handles LDAP-Requests in Combination with 40ms more delay per request.
Having Splunk doing 1000 requests per minute isn't expensive, when the delay is under a ms. But over the internet it becomes significant and draws lots of CPU Time.

0 Karma
Reply
Solved! Jump to solution

wmyersas
Builder
‎10-17-2019 12:02 PM

My guess is that this is related to what endpoints have been configured to allow rest calls - https://docs.splunk.com/Documentation/Splunk/7.3.2/Admin/Restmapconf

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...