Splunk Cloud Platform
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Recommended thresholds on Splunk Cloud Search Head

Roy_9
Motivator
‎12-29-2022 10:03 AM

Hello,

What are the recommended thresholds on the Splunk cloud SH Health Report Manager.

Search Lag-
Searches Delayed-
Searches Skipped In-


Thanks

Preview file
78 KB
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎12-29-2022 01:41 PM

There is no such thing. Every environment is different and every customer has different needs. Of course in an ideal world you'd have enough resources to run all the searches on time but in reality, especially if you have clueless users who schedule millions of searches on the top of the hour it won't work. It's up to you and the characteristics of your workload to decide what is acceptable. Some customers need a strict adherence to the schedule (and might even set up separate search heads just to do schedules reports uninterrupted) whereas others are ok even if a search is delayed quite a lot.

So YMMV.

0 Karma
Reply

Roy_9
Motivator
‎12-29-2022 02:20 PM

Sure @PickleRick , I got it,  thanks for sharing your thoughts.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...