Splunk ITSI
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Fine tuning Splunk services and base search.

vardhanp
Engager
‎02-26-2020 03:50 AM

Hi Team,

We are using Splunk ITSI and we are planning to improve Splunk performance, we need help in understanding how much overhead each service gives on Splunk server,
So to understand this in a better way please read the scenario below

We have one platform say "App" where we have 5 servers and we need to measure performance on the basis of 3 KPI's i.e CPU Utilization, Memory Utilization & Disk Utilization, Now to measure the performance of the overall platform we need to measure the performance of each host.

So here we have two service configuration methods.

First :
1: We will create base search for the KPI's
2: We will create one service for each host having its host as an entity all 3 KPI's in it.
3: Then create one overall service for the "App" platform having Service dependencies in it where we will mention services created for all 5 hosts.

Second :
1: We will create base search for the KPI's
2: We will create one overall service for the "App" platform having its all 5 host as an entity all 3 KPI's in it.

So i want to understand here which method will more efficient and give less overhead on splunk.

Labels (2)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...