Splunk Search

How to find historical concurrent searches?

kteng2024
Path Finder

hi,

Is there any search or way to find the historical concurrent searches in Splunk? I would like to know trend in the increased number of concurrent searches.

0 Karma
1 Solution

masonmorales
Influencer

I use this one as a stacked column chart...
index=_internal sourcetype=splunkd source=*metrics.log group=search_concurrency user=* host=mysearchhead
| timechart avg(active_hist_searches) as "Historical Searches" avg(active_realtime_searches) as "Real-time Searches" by user useother=f limit=20

View solution in original post

masonmorales
Influencer

I use this one as a stacked column chart...
index=_internal sourcetype=splunkd source=*metrics.log group=search_concurrency user=* host=mysearchhead
| timechart avg(active_hist_searches) as "Historical Searches" avg(active_realtime_searches) as "Real-time Searches" by user useother=f limit=20

Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...