Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

About real time search

yutaka1005
Builder
‎09-03-2017 05:59 PM

I want to know about CPU occupation when doing a real-time search.

If I build Splunk in a standalone way, and I configure a real-time search, I think that one of cpu core will be occupied.

But which server's cpu core is occupied by real-time search when configuring distributed search like indexer clustering?
will only cpu core of the search head be occupied? Or, because it is a distributed search, will cpu core of each search peer also be occupied?

Also, if I configured search head clustering, will cpu core of all members be occupied?

I am planning to create large scale configuration for personal use, and planning configure alerts using real time search (rolling window) in the environment, so I want to know how to use cpu core.

I appreciate if someone tell me about it.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎09-04-2017 10:02 AM

In a distributed real-time search, one core for each peer is occupied, but only one core on one search head is used.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎09-04-2017 10:02 AM

In a distributed real-time search, one core for each peer is occupied, but only one core on one search head is used.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

yutaka1005
Builder
‎09-05-2017 06:49 PM

Thank you for answer.

you mean that only one core on one search head is used if search is processed in search head clustering?

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎09-06-2017 05:49 AM

Yes, that is what I meant.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

yutaka1005
Builder
‎09-06-2017 05:35 PM

Thank you for answer!

I understood it!

0 Karma
Reply
Get Updates on the Splunk Community!

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

The Next-Gen Toolkit for Splunk Technology Add-on Development The Universal Configuration Console (UCC) ...

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...