Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do I investigate delayed searched reported in Health status under Splunkd

SamHTexas
Builder
‎03-27-2021 03:00 PM

I keep getting delayed searches marked in red "Health Status - Splunkd". How do I investigate and fix this issue?

Labels (1)
Labels
Tags (1)
0 Karma
Reply

tscroggins
Motivator
‎03-27-2021 04:45 PM

@SamHTexas 

The simplest method is the local monitoring console. Click Settings > Monitoring Console. In the app bar, click Search > Scheduler Activity: Instance. In the Historical Charts section of the dashboard, you can see various panels related to search scheduling.

If you find many deferred searches, you have three options:

1. Optimize scheduled searches.
2. Adjust limits. See https://docs.splunk.com/Documentation/Splunk/latest/Admin/Limitsconf#Concurrency.
3. Add CPUs. (This is often Splunk's recommendation, but try optimization first.)

0 Karma
Reply

SamHTexas
Builder
‎03-28-2021 12:36 PM

Thank u. In the historical section.  I see "no results found" and 0 for total historical chart area ( at bottom left). No matter what I change in the time range or group by items, nothing happens. Please advise.

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of the streaming infrastructure for Splunk APM and Splunk RUM in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...