Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk resource usage by users/searches

jpillai
Path Finder
‎02-23-2024 10:35 AM

Hi all,

We are seeing a scenario where there are a lot of unoptimised searches, dashboards etc which when run are exhausting our CPU on indexers. If some users run resource intensive adhoc searches/dashboards etc simultaneously, this is becoming a problem as so many searches running together resulting in 'server busy' error at indexer.

 

1. Is there any way we can throttle CPU/memory usage per user/role/searches?

2. Are there any documents on optimising searches for better performance and less resource usage?

Labels (2)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎02-23-2024 11:55 AM

1. Check out the Workload Management feature.  https://docs.splunk.com/Documentation/SplunkCloud/9.0.2305/Admin/WorkloadManagement

2. That's about as much art as it is science.  The Search Manual has a chapter on it that should get you started.  https://docs.splunk.com/Documentation/Splunk/latest/Search/Aboutoptimization

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...