Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunkd Health Status - Search Scheduler - Search Lag & Delay

anirbandasdeb
Path Finder
‎01-14-2021 06:52 AM

Hello all, On the splunkd health report, what is the difference between Search Lag & Delay? [ref: https://docs.splunk.com/images/e/ee/Splunkd_health_report_8.0.0.png]

Our deployment has a high number of savedsearches that trigger on cron (every 5m, 15m, 30m, 1h etc) and we are working to minimise the concurrency by introducing Scheduler Window & Skew.
I know exactly which searches are triggering beyond the scheduled time (dispatch_time - scheduled_time from the scheduler.log) and which searches are skipping.
But I do not understand what Splunk signifies as Lag & Delay in terms of searches..

I have gone through the $SPLUNK_HOME/var/log/health.log & server/health/splunkd/details API endpoints but they give the same messages as the Health Indicator.. Thanks in advance!

0 Karma
Reply

janroc
Explorer
‎01-22-2021 04:54 AM

Hi,

There is an app on splunkbase named Alerts For Splunk Admins.

Have you tried the app to find the slowness?

 

Regards Jan

0 Karma
Reply
Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...