Splunk Enterprise Security

Why does the startup.handoff for searches from our Splunk App for Enterprise Security search head seem to take a long time?

madcitygeek
Explorer

Searches from our Enterprise Security search head seem to take a long time to handoff. How long?

15 -16 seconds.

Search is a simple "index=_internal earliest=-10m"

Splunk 6.1.6. Clustered indexers.

mdessus_splunk
Splunk Employee
Splunk Employee

How many jobs do you have at the same time ? How many CPU do you have ?

pj
Contributor

This isnt an answer...

0 Karma

mdessus_splunk
Splunk Employee
Splunk Employee

No, but with the lack of details you gave, it's not easy to give you a good answer !

Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!