Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What does historical mode mean in the Scheduled Activity dashboard in DMC?

joshiro
Communicator
‎01-12-2023 07:46 AM

We are trying to troubleshoot some memory consumption issues with one of the SH cluster nodes.

We found that this instance shows high concurrency of scheduled reports 46/15 historical while the other nodes are way below this number.

joshiro_0-1673537846628.png

Also in the running historical scheduled reports panel we got a column Mode that shows "historical" as value.

joshiro_1-1673537963867.png


What does a "historical" report mean in this context?

The Splunk documentation for DMC doesnt explain it.
https://docs.splunk.com/Documentation/Splunk/9.0.3/DMC/Scheduleractivity

Regards.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎01-12-2023 08:21 AM

https://docs.splunk.com/Splexicon:Historicalsearch

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎01-12-2023 08:21 AM

https://docs.splunk.com/Splexicon:Historicalsearch

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

joshiro
Communicator
‎01-12-2023 09:13 AM

Thanks for the reply. Very helpful, but i still cant clearly understand what the number 46 means.

Are the 46 concurrent historical searches that shows this panel scheduled and running at this moment?
Or are they currently scheduled to run at another time (not running)?

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎01-12-2023 11:19 AM

The left number (46) is highest number of searches running at any time in the past (not sure how far back it looks).  The right number (15) is the configured maximum number of concurrent searches.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

joshiro
Communicator
‎01-13-2023 05:13 AM

I guess we got something wrong with the SH cluster, it is not scheduling the searches evenly across the nodes.

joshiro_0-1673615420142.png

And the one with the highest count is not even the captain.

Thanks again for the reply, we ll open a support case and try to troubleshoot this issue.

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...