Hello everyone,
I am a rookie. I use Splunk for Linux. I tried running the pingstatus command on Splunk,
but I don't know if it was successful. I also read Readme.txt
and configured it in commands.conf and authorize.conf.
Can someone answer or teach me? Or are there other methods or applications that can monitor network devices
and, if packet loss is 100%, send an alert notification?
It's best to start over.
The more detailed, the better.
Thanks everyone
Hi @modernjameschen,
Are you using this pingstatus command from Splunkbase?
https://splunkbase.splunk.com/app/507/
If so, I recommend moving to this, as it is more up to date and supports more recent Splunk versions:
https://splunkbase.splunk.com/app/3491/
Once you install it you can find the documentation for using it here: https://lukemurphey.net/projects/network-tools/wiki/Using_Search_Commands
It's pretty easy to use and from there you can set up alerts to alert you when you have ping failures.
Let me know if that helps.
Cheers,
David
Hi @modernjameschen,
What do you mean you can only add 7 searches? You mean only 7 load at the same time, or what exactly?
Also are you an admin of your Splunk platform or a user ?
Sorry, I didn't express myself clearly.
I added multiple search results to the dashboard,
but only seven or six searches are working, and the other searches appear to be pending.
I looked up other information and need to change splunk_home/etc/system/default/limits.conf
Default: "base_max_searches = 6"
Modified to my search limit.
Yes, I am the admin of the Splunk platform.
But new warning messages appear:
Configuration initialization for /opt/splunk/etc took longer than expected (1044ms) when dispatching a search with search ID rt_admin_adminsearch_search124_rt_1576917618.450. This usually indicates problems with underlying storage performance.
The other warning message is:
File Integrity checks found 1 files that did not match the system-provided manifest. Review the list of problems reported by the InstalledFileHashChecker in splunkd.log File Integrity Check View ; potentially restore files from installation media, change practices to avoid changing files, or work with support to identify the problem.
Any ideas?
You are getting this:
File Integrity checks found 1 files that did not match the system-provided manifest. Review the list of problems reported by the InstalledFileHashChecker in splunkd.log File Integrity Check View ; potentially restore files from installation media, change practices to avoid changing files, or work with support to identify the problem.
because you changed configuration in the system/default folder. Make your change in system/local, not system/default.
As for the issue with the searches not running, change your time to non-real-time; it has nothing to do with the settings for now. No need to run real-time searches; you can make ad hoc searches and refresh them every couple of minutes to simulate real time.
Thanks, @DavidHourani
I would like to ask: if I change the system/default folder,
will other problems occur? Or will there just be warnings?
What is the correct way?
Should I add a limits.conf in system/local?
And how do I do ad hoc searches?
Please teach me the steps.
Also, I need to monitor about 80 devices.
Thanks a lot~
"I would like to ask: if I change the system/default folder,
will other problems occur? Or will there just be warnings?"
Yes, you will get warnings, and if you upgrade your platform you will lose all your configuration.
"What is the correct way?"
Create an app and put your configuration in that app under SPLUNK_HOME/etc/apps/.
"Should I add a limits.conf in system/local?"
You can, but for this specific case don't change your system limit. It's not the system limiting you; it's the real-time search configuration on a per-user basis.
"And how do I do ad hoc searches?"
Same as you did, but instead of selecting real time when picking your time, select a timeframe.
Hope this helps 😄
Also these questions are not related to the thread so please create a new question and then tag me there if you need help ❤️
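Added example, not code from the thread or from the network-tools app: a shell function that builds a small Splunk app under SPLUNK_HOME/etc/apps/ holding one scheduled (not real-time) alert per device, so nothing under etc/system/default is edited. The app name "ping_monitor", the `| ping host=... count=...` syntax, the `packet_loss` field and the 5-minute cron schedule are assumptions; the sample hosts are constructed.

```shell
#!/bin/sh
# Generate a Splunk app that carries ping-loss alerts as scheduled searches.
# Assumptions (not from the thread): app name "ping_monitor", the
# `| ping host=<h> count=<n>` syntax and `packet_loss` field of the
# network-tools search command, and a */5 cron schedule per device.
# Usage: make_ping_alert_app /opt/splunk "192.0.2.10 192.0.2.11"
make_ping_alert_app() {
  splunk_home="$1"
  hosts="$2"                      # space-separated list (constructed sample)
  app="$splunk_home/etc/apps/ping_monitor"
  mkdir -p "$app/local"
  cat > "$app/local/app.conf" <<'EOF'
[install]
is_configured = 1

[ui]
is_visible = 1
label = Ping Monitor
EOF
  # One scheduled alert per device; each fires when the ping command
  # reports 100% packet loss. schedule_window lets the scheduler stagger
  # the runs instead of launching all of them at the same minute.
  : > "$app/local/savedsearches.conf"
  for h in $hosts; do
    cat >> "$app/local/savedsearches.conf" <<EOF
[Ping loss 100% - $h]
search = | ping host=$h count=3 | where packet_loss = 100
cron_schedule = */5 * * * *
schedule_window = auto
enableSched = 1
counttype = number of events
relation = greater than
quantity = 0
alert.severity = 4
alert.track = 1

EOF
  done
  echo "$app"                     # path of the generated app
}
```

Restart Splunk (or reload the app) after generating it, then edit the email or webhook action on each alert in the Splunk UI.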
Hi @DavidHourani
Thanks for your help, thank you very much.
You're welcome!
And I have a question:
I want to create a dashboard for visualisation.
How do I use the field search to show two charts?
One side shows dest ip and avd_ping;
the other side shows the value of dest ip and packet_loss rate.
Any ideas or suggestions?