Is it possible to relate the issues displayed in S...

nouraali · ‎06-23-2022

Hello,

Is it possible to relate the issues displayed in Splunk UI (attached below) to OS data or Splunk logs:

In other words,
Given the OS metrics(RAM,CPU,SWAP,....) of the servers hosting Splunk and Splunk logs, can we relate some trends in this data to below issues:

The percentage of high priority searches lagged (33%) over the last 24 hours is very high and exceeded the yellow thresholds (10%) on this Splunk instance. Total Searches that were part of this percentage=18. Total lagged Searches=6
The percentage of small buckets created over the last hour is high and exceeded the red thresholds for index=..., and possibly more indexes, on this indexer. At the time this alert fired, total buckets created=13, small buckets=11
The percentage of non high priority searches delayed (54%) over the last 24 hours is very high and exceeded the red thresholds (20%) on this Splunk instance. Total Searches that were part of this percentage=574144. Total delayed Searches=314696
Search peer down
Disk space/file system under this mount point ... is exceeding the limits 80%

Would really appreciate your response.

Is it possible to relate the issues displayed in Splunk UI to OS data or Splunk logs?

proactive Splunk component monitoring

resource usage

scheduler activity

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Join the Conversation