How do I find a list of scheduled, saved searches in ES, especially the ones that run in real time? Can the Monitoring Console be used for this purpose? If yes, how, please?
The MC doesn't have that information. You can get it from the SH on which the search is scheduled. Go to Settings->Searches, reports, and alerts or search for
| rest /services/saved/searches | search is_scheduled=1
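Added example, not part of the original thread: a way to pick the real-time searches out of the same REST endpoint once its JSON output has been exported. It goes one step beyond the query above by also counting enabled searches that share an identical cron schedule. The sample data and search names are constructed; real-time is inferred from `rt` time modifiers in the dispatch window.

```python
import json
from collections import Counter

# Constructed sample shaped like /services/saved/searches?output_mode=json;
# the search names and schedules are made up for illustration.
SAMPLE = json.loads("""
{"entry": [
 {"name": "Threat - RT Correlation - Rule", "content": {"is_scheduled": true,
  "disabled": false, "cron_schedule": "*/5 * * * *",
  "dispatch.earliest_time": "rt-5m", "dispatch.latest_time": "rt"}},
 {"name": "Access - Hourly Summary", "content": {"is_scheduled": "1",
  "disabled": "0", "cron_schedule": "0 * * * *",
  "dispatch.earliest_time": "-60m@m", "dispatch.latest_time": "now"}},
 {"name": "Network - Hourly Rollup", "content": {"is_scheduled": true,
  "disabled": false, "cron_schedule": "0 * * * *",
  "dispatch.earliest_time": "-1h", "dispatch.latest_time": "now"}},
 {"name": "Old Report", "content": {"is_scheduled": true, "disabled": true,
  "cron_schedule": "0 * * * *", "dispatch.earliest_time": "-24h"}},
 {"name": "Ad hoc saved", "content": {"is_scheduled": false, "disabled": false}}
]}
""")

def _truthy(value):
    # The endpoint returns JSON booleans, while "| rest" shows 1/0; accept both.
    return str(value).lower() in ("1", "true")

def scheduled_searches(resp):
    """Return enabled, scheduled searches with a real-time flag."""
    found = []
    for entry in resp.get("entry", []):
        c = entry.get("content", {})
        if not _truthy(c.get("is_scheduled")) or _truthy(c.get("disabled")):
            continue
        window = (str(c.get("dispatch.earliest_time", "")),
                  str(c.get("dispatch.latest_time", "")))
        found.append({"name": entry["name"],
                      "cron": c.get("cron_schedule", ""),
                      "realtime": any(t.startswith("rt") for t in window)})
    return found

def realtime_names(resp):
    return [s["name"] for s in scheduled_searches(resp) if s["realtime"]]

def crowded_schedules(resp, threshold=2):
    """Cron strings shared by at least `threshold` enabled searches."""
    counts = Counter(s["cron"] for s in scheduled_searches(resp))
    return {cron: n for cron, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    print(realtime_names(SAMPLE), crowded_schedules(SAMPLE))
```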
Thank you for your message. I am also getting red alerts for delayed searches. I searched on answers.splunk.com; they all blame the high-priority scheduled / saved searches. Your SPL did not find any in my environment. So how do I find the true cause of delayed searches from your point of view? (I know there are many factors, incl. CPU, RAM, etc.) Please advise, and thanks again.
At the risk of repeating myself, the cause of delayed searches is having to wait for other searches to complete. Search priorities are, in descending order: real-time, ad-hoc, scheduled, accelerations.
The Extended Search Reporting dashboard I referenced earlier (https://github.com/dpaper-splunk/public/blob/master/dashboards/extended_search_reporting.xml) presents information about your searches in various ways to help you identify problem spots.
Some focus points: