Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I improve configurations in Splunk so that searches run faster?

guillecasco
Path Finder
‎01-17-2017 06:18 AM

Simple queries are taking up to 15 or 20 seconds. I checked in Settings/distributed management console and the indexing rate is of 5.26 Kb/s. Is this a low parameter configuration? How can i improve or configure things on Splunk so searches don't take too much time? What other parameters i should take into account or modify in Splunk configuration?
I don't have access to Splunk server right now, i just have access to the Splunk Web interface with the admin account by the moment. Is there something i can do from here?
In overview, i'm also seeing: Splunk Enterprise Server 6.4.0
Linux, 3.68 GB Physical Memory, 1 CPU Cores. Does this accomplish with the server requirements to run Splunk?

0 Karma
Reply

guillecasco
Path Finder
‎01-17-2017 06:53 AM

yes i have read this, also about the minimum hardware requirements, which i think it´s ok there. But also would like to know what should be the indexing rate? and how is related with the speed of searches.
is 5.26 Kb/s too slow? just slow? is normal?

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...