Re: Splunk high CPU utlization investigation

aaronkorn · ‎05-06-2013

Is there a way to track a particular Splunk PID on the search head to see which search/action is being ran to track utilization?

splunkIT · ‎05-31-2013

Have you tried to install the S.o.S app to see if it will help in providing more insight to your splunk instance?

http://splunk-base.splunk.com/apps/29008/sos-splunk-on-splunk

kristian_kolb · ‎05-06-2013

Have you looked at the built-in statistics for this (in the Search App)? From the menu bar, choose;

Status -> Search Activity -> Search Activity Overview

Status -> Search Activity -> Search Detail

Could prove useful.

/K

aaronkorn · ‎05-07-2013

Yeah I know about that but there are searches that are using a high amount of CPU and want to investigate who is running them and what they are doing. Is this logged in the _internal index? I know when you inspect a search it tells you the PID.

Splunk high CPU utlization investigation

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation