Solved: Re: How to distribute load on all the other CPU co...

uagraw01 · ‎09-20-2023

Hello Splunkers !!

Our Splunk setup is currently setup to have singular processing instead of parallel processing, therefore the load is not being distributed but rather spikes on one core. We want to distribute load on all the other CPU core parallelly. Please suggest how I check the core CPU used by Splunk and in which config file I need to change ?

richgalloway · ‎09-21-2023

By default, Splunk uses all CPUs on the system. An individual search, however, is limited to a single CPU.

How did you set up your Splunk to have singular processing (and what exactly do you mean by that)?

---
If this reply helps you, Karma would be appreciated.

View solution in original post

PickleRick · ‎09-21-2023

Single search is run on a single processor. That's by design.

There is a parallelization in two cases:

1) You run multiple searches at the same time.

2) You distribute a search between many indexers.

But on a single Splunk component (Search Head, Indexer) a single search thread occupies a single processor.

richgalloway · ‎09-21-2023

By default, Splunk uses all CPUs on the system. An individual search, however, is limited to a single CPU.

How did you set up your Splunk to have singular processing (and what exactly do you mean by that)?

---
If this reply helps you, Karma would be appreciated.

How to distribute load on all the other CPU core parallely?

other

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?