Splunkd Health Status - Search Scheduler - Search ...

anirbandasdeb · ‎01-14-2021

Hello all, On the splunkd health report, what is the difference between Search Lag & Delay? [ref: https://docs.splunk.com/images/e/ee/Splunkd_health_report_8.0.0.png]

Our deployment has a high number of savedsearches that trigger on cron (every 5m, 15m, 30m, 1h etc) and we are working to minimise the concurrency by introducing Scheduler Window & Skew.
I know exactly which searches are triggering beyond the scheduled time (dispatch_time - scheduled_time from the scheduler.log) and which searches are skipping.
But I do not understand what Splunk signifies as Lag & Delay in terms of searches..

I have gone through the $SPLUNK_HOME/var/log/health.log & server/health/splunkd/details API endpoints but they give the same messages as the Health Indicator.. Thanks in advance!

janroc · ‎01-22-2021

Hi,

There is an app on splunkbase named Alerts For Splunk Admins.

Have you tried the app to find the slowness?

Regards Jan

Splunkd Health Status - Search Scheduler - Search Lag & Delay

monitoring console

proactive Splunk component monitoring

scheduler activity

splunkd

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation