Splunk Enterprise Security

Why does the startup.handoff for searches from our Splunk App for Enterprise Security search head seem to take a long time?

madcitygeek
Explorer

Searches from our Enterprise Security search head seem to take a long time to handoff. How long?

15 -16 seconds.

Search is a simple "index=_internal earliest=-10m"

Splunk 6.1.6. Clustered indexers.

mdessus_splunk
Splunk Employee
Splunk Employee

How many jobs do you have at the same time ? How many CPU do you have ?

pj
Contributor

This isnt an answer...

0 Karma

mdessus_splunk
Splunk Employee
Splunk Employee

No, but with the lack of details you gave, it's not easy to give you a good answer !

.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!