Monitoring Splunk

Is "What to Search" in top app page running some real-time-search as login user?

Shuhei052492
Path Finder

Hello Splunkers,

Does anyone know the login user run some real time searches when user just is opening the following screen page.

When I checked the CPU usage in splunk server by monitoring console, it is the cause for my user who was role of "user" to run some real-time-searches .
And the search was running as real-time-search during 1 hour.
At the duration, my user did not run ad-hoc search and schedule-search.

alt text

I am wondering the panel of "What to Search" might be the cause to run some real-time-searches.
Additionally, does anyone know how to let them be disable?

Any advice or opinion are appreciated.
Regards,

0 Karma
1 Solution

chrisyounger
SplunkTrust
SplunkTrust

Hi @Shuhei052492

You can disable these searches by following the instructions here: https://answers.splunk.com/answers/103589/search-summary-page-automatically-runs-real-time-searches....

Good luck

View solution in original post

chrisyounger
SplunkTrust
SplunkTrust

Hi @Shuhei052492

You can disable these searches by following the instructions here: https://answers.splunk.com/answers/103589/search-summary-page-automatically-runs-real-time-searches....

Good luck

View solution in original post

Shuhei052492
Path Finder

Hi,
Thank you for your message.

you mean to set the following setting in /etc/local/ui-prefs.conf, don't you?
display.prefs.enableMetaData = 0
display.prefs.showDataSummary = 0

Regards,

0 Karma

chrisyounger
SplunkTrust
SplunkTrust

Yes that is correct.

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!