Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Setting Workload Categories for Workload Management

sanjay_e
Engager
‎11-05-2019 12:11 PM

How do you determine how much CPU and memory to allocate to Search, Index, and Miscellaneous?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

splunk_zen
Builder
‎11-07-2019 09:16 AM

I've used the Monitoring Console to gain familiarity with the median and max resource consumption trends for the indexers and Search Heads and set it according to that.

Miscellaneous are scripted/modular inputs so you only need to cover those on your Heavy Forwarders

Above all, remember to set generous headroom and remember the beauty of Workload Categories is this doesn't have to be written in stone and you can change them later with ease.
Let me know if you have a more specific question about WLM

View solution in original post

Reply
Solved! Jump to solution
Solution

splunk_zen
Builder
‎11-07-2019 09:16 AM

I've used the Monitoring Console to gain familiarity with the median and max resource consumption trends for the indexers and Search Heads and set it according to that.

Miscellaneous are scripted/modular inputs so you only need to cover those on your Heavy Forwarders

Above all, remember to set generous headroom and remember the beauty of Workload Categories is this doesn't have to be written in stone and you can change them later with ease.
Let me know if you have a more specific question about WLM

Reply
Solved! Jump to solution

sanjay_e
Engager
‎11-07-2019 10:33 AM

Hi splunk_zen,

Thank you for your reply - Do the indexers map directly to ingest and the search heads directly to search? From my understanding, indexers aid when running searches as well, so I thought that it may be inaccurate to set the categories based just on the resource consumption of search heads/indexers.

Also, do you know why the default split is 70:20:10 for search:index:miscellaneous? When I checked the resource consumption, indexers used far more resources than search heads so I wanted to double-check that this approach was fine.

And one last question! Does workload management kick in once we activate it? ie. Should I expect search heads and indexers to go down if they don't have enough resources immediately after we install it?

0 Karma
Reply
Solved! Jump to solution

splunk_zen
Builder
‎11-08-2019 02:02 AM

First of all, did you already setup linux cgroups?
Your understanding of indexers is correct, but please spin this into a new question to keep things clearer for everyone

0 Karma
Reply
Solved! Jump to solution

sandeepmakkena
Contributor
‎11-05-2019 02:19 PM

Here is the information which I think should answer the question.

https://docs.splunk.com/Documentation/Splunk/8.0.0/Capacity/Summaryofperformancerecommendations
https://docs.splunk.com/Documentation/Splunk/8.0.0/Capacity/Referencehardware

Hope this helps, Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...