Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is there a way to configure Splunk to make scheduled searches having a higher priority than ad-hoc searches?

danielbb
Motivator
‎02-16-2023 10:28 AM

Is there a way to configure Splunk to make scheduled searches having a higher priority than ad-hoc searches? 

I know that we can do it using the Workload Management but since we don't use it yet, I hope there is a way to do it without the Workload Management.

Labels (1)
Labels
0 Karma
Reply

jonaclough
Path Finder
‎02-17-2023 06:53 AM

You can set limits on the relative number of ad-hoc vs scheduled searches that can run on a SH: https://docs.splunk.com/Documentation/Splunk/9.0.4/admin/Limitsconf

The setting max_searches_perc is worth investigating. This will give more room for the scheduled searches to operate. You could also have SHs dedicated to scheduled searches

Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...