- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a multisite setup. Each site has 3-4 indexers, with a Replication Factor = 2.
Search Factor is = 1.
When querying for data from all the sites, how to determine which site is taking the longest to search for data?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Na_Kang_Lim
You may be able to work this out based on the search log:
- Run your search
- Click on "Job" > "Inspect Job"
- Look under "Execution costs" for the "dispatch.stream.remote" section which lists each indexer queried and how long it took.
- and/or click the "Job Details Dashboard" link on the top of the job inspection page and scroll to the bottom to see "Time Spent Running Search Per Indexer"
Please let me know how you get on and consider adding karma to this or any other answer if it has helped.
Regards
Will
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi @Na_Kang_Lim ,
only one additional information: search_factor=1 isn't a good configuration because having one indexer down, you don't have all the data available for searches, at least use SF=2, it's better, even if in this way you must use more storage space.
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SSF and SRF should be at least 2 (usually those are 2 or max 3, depending on how many sites you have).
Then there is also search affinity parameter which told are SHs using all sites or only their own site’s indexers when they are searching.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Na_Kang_Lim
You may be able to work this out based on the search log:
- Run your search
- Click on "Job" > "Inspect Job"
- Look under "Execution costs" for the "dispatch.stream.remote" section which lists each indexer queried and how long it took.
- and/or click the "Job Details Dashboard" link on the top of the job inspection page and scroll to the bottom to see "Time Spent Running Search Per Indexer"
Please let me know how you get on and consider adding karma to this or any other answer if it has helped.
Regards
Will
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here is one blog post about job inspector. https://www.consist.de/de/unternehmen/blog/artikel/Splunk-Suchen-verstehen-mit-dem-Job-Inspector/ If needed google translator do quite good job to translate it if needed. At the end of it are some links which gives couple of excellent other presentations about it.
