Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is there a way to monitor the number of files in the dispatch directory over time?

robertlynch2020
Influencer
‎09-30-2024 08:05 AM

Hi 

I am looking to monitor the dispatch directory over time.

I know I can get the current results by using this

| rest /services/search/jobs | stats count

But I am looking to run the test over 1 minute and have a breakdown per minute of the increase in dispatch over time.

Rob 

Labels (1)
Labels
0 Karma
Reply

robertlynch2020
Influencer
‎09-30-2024 09:07 AM

Hi

https://community.splunk.com/t5/Splunk-Search/Is-there-a-way-to-monitor-the-number-of-files-in-the-d...

This gives me the current dispatch count - I am looking to make a time chart. Using rest _time does not come back so I can't make a time chart.

I am thinking if I run the command each minute in a saved search and output to a .csv with a timestamp that might work!

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎09-30-2024 09:38 AM
Are you looking dispatch directory or how many search jobs are running? If later then you can use _audit index to get number of jobs.
0 Karma
Reply

sainag_splunk
Splunk Employee
Splunk Employee
‎09-30-2024 08:36 AM

This has been answered here: https://community.splunk.com/t5/Splunk-Search/Is-there-a-way-to-monitor-the-number-of-files-in-the-d...

You can leverage this search and see if that helps for your monitoring.

index=_internal sourcetype=splunkd The number of search artifacts in the dispatch directory is higher than recommended TERM(count=*)
| timechart span=1h max(count)

 

 

Please upvote if this is helpful.

If this helps, Upvote!!!!
Together we make the Splunk Community stronger 
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...