Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Saved Search Pre-Flight Check

sambosplunk
Engager
‎02-08-2013 12:22 PM

Is there a way to look at a Splunk Search and check it for common issues that might cause the search to run long in advance of setting up the Search and seeing how it performs?

The process at http://wiki.splunk.com/Deploy:SearchPerformance outlines how to troubleshoot an existing bad search, but I am looking for an more automated way to call out issues prior to scheduling on the server. Looking to empower users to create their own searches, but need to ensure that they have not built the search in a way that won't scale.

Has anyone automated this check, and if so, how? If not, are there a more detailed set of steps other than the above that we could use as a starting point for a preflight check?

Any help is much appreciated. Thanks!

Reply

dart
Splunk Employee
Splunk Employee
‎02-11-2013 04:01 PM

The Sanity Checking App should help you out here. It uses Splunk's REST API to get information about Splunk saved searches.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

    Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...