Monitoring Splunk
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Search head CPU Utilization

gharpe2
Explorer
‎04-05-2012 10:01 AM

How can I find out what is taking up the CPU on a search head? Yesterday the utilization was 20% on avg., and today it is 80%.

Tags (1)
0 Karma
Reply

jt_splunk
Explorer
‎04-06-2012 03:52 AM

The default search app has 2 dashboards which will tell you CPU utilization issues related to indexing and searching. They can be accessed by:

http://:8000/en-US/app/search/search_detail_activity
http://:8000/en-US/app/search/index_status

Also, what version of Splunk are you using? I had similar issues when I upgraded from 4.2 to 4.3. Then I upgraded to 4.3.1 and the problem went away.

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎04-05-2012 10:48 AM

Install sos app on the Search-head, enable the ps_sos.sh scritped input.
It will collect measures cpu/memory per splunk process, you may be able to see the detail. (if this is splunkd, splunkweb, or user searches)

http://splunk-base.splunk.com/apps/29008/sos-splunk-on-splunk

0 Karma
Reply
Get Updates on the Splunk Community!

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...
Top