Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Setting Workload Categories for Workload Management

sanjay_e
Engager
‎11-05-2019 12:11 PM

How do you determine how much CPU and memory to allocate to Search, Index, and Miscellaneous?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

splunk_zen
Builder
‎11-07-2019 09:16 AM

I've used the Monitoring Console to gain familiarity with the median and max resource consumption trends for the indexers and Search Heads and set it according to that.

Miscellaneous are scripted/modular inputs so you only need to cover those on your Heavy Forwarders

Above all, remember to set generous headroom and remember the beauty of Workload Categories is this doesn't have to be written in stone and you can change them later with ease.
Let me know if you have a more specific question about WLM

View solution in original post

Reply
Solved! Jump to solution
Solution

splunk_zen
Builder
‎11-07-2019 09:16 AM

I've used the Monitoring Console to gain familiarity with the median and max resource consumption trends for the indexers and Search Heads and set it according to that.

Miscellaneous are scripted/modular inputs so you only need to cover those on your Heavy Forwarders

Above all, remember to set generous headroom and remember the beauty of Workload Categories is this doesn't have to be written in stone and you can change them later with ease.
Let me know if you have a more specific question about WLM

Reply
Solved! Jump to solution

sanjay_e
Engager
‎11-07-2019 10:33 AM

Hi splunk_zen,

Thank you for your reply - Do the indexers map directly to ingest and the search heads directly to search? From my understanding, indexers aid when running searches as well, so I thought that it may be inaccurate to set the categories based just on the resource consumption of search heads/indexers.

Also, do you know why the default split is 70:20:10 for search:index:miscellaneous? When I checked the resource consumption, indexers used far more resources than search heads so I wanted to double-check that this approach was fine.

And one last question! Does workload management kick in once we activate it? ie. Should I expect search heads and indexers to go down if they don't have enough resources immediately after we install it?

0 Karma
Reply
Solved! Jump to solution

splunk_zen
Builder
‎11-08-2019 02:02 AM

First of all, did you already setup linux cgroups?
Your understanding of indexers is correct, but please spin this into a new question to keep things clearer for everyone

0 Karma
Reply
Solved! Jump to solution

sandeepmakkena
Contributor
‎11-05-2019 02:19 PM

Here is the information which I think should answer the question.

https://docs.splunk.com/Documentation/Splunk/8.0.0/Capacity/Summaryofperformancerecommendations
https://docs.splunk.com/Documentation/Splunk/8.0.0/Capacity/Referencehardware

Hope this helps, Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

 Clayton Homes faced the increased challenge of strengthening their security posture as they went through ...

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

We’re happy to announce the release of Mission Control 2.3 which includes several new and exciting features ...

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

Python 2.7, the last release of Python 2, reached End of Life back on January 1, 2020. As part of our larger ...