Splunk Search

How to use the new scheduler most efficently?



I've got hundreds of searches that are scheduled ervry night from 00:00 to 6:00. It does not matter when they will be finished unless it is before 7:00.
What is the best approach to use the new scheduler in Splunk 6.3 for this usecase? As far as understand it, it could be a good option to schedule all searches at 00:00 and setup a window of 6 hours. So the scheduler would be able to run the searches most efficently. Is this a correct assumption or could it cause problems to schedule all search at once?

Thanks in advance

0 Karma


Hi Heinz, that seems reasonable based on my reading of the documentation. More info can be found here: https://conf.splunk.com/session/2015/conf2015_PLucas_Splunk_SplunkEntWhatsNew_MakingTheMostOf.pdf

Please let me know if this helps!


Too me as well, but I'm not sure whether this is intended 😉
That's a great talk about the scheduler changes!

0 Karma
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...