Like the title says - how are individual searches in a multisearch handled?
Are they distributed across any/all available search slots on any/all available Search Heads? Or do they only run on the Search Head that initiates the search?
Say you have several Search Heads in a Search Head Cluster.
And you have a multisearch like the following:
| multisearch
[| search index=ndxA sourcetype=srctpA fieldA=*
| fields fieldA ]
[| search index=ndxB sourcetype=srctpB fieldA=* fieldB=*
| fields fieldA fieldB ]
[| search index=ndxC sourcetype=srctpC fieldB=*
| fields fieldB ]
[| inputlookup MyFancyLookup where myLField1=G*
| fields myLField1 fieldA fieldB ]
| fillnull value="-" fieldA fieldB myLField1
| stats count by fieldA fieldB myLField1
Will each of the | search or | inputlookup lines run, potentially, on a different Search Head? Or will they all be run from the initiating Search Head?
