Splunk Search

Is there a way to monitor the number of files in the dispatch directory over time?

robertlynch2020
Influencer

Hi 

I am looking to monitor the dispatch directory over time.

I know I can get the current results by using this

| rest /services/search/jobs | stats count

But I am looking to run the test over 1 minute and have a breakdown per minute of the increase in dispatch over time.

Rob 

Labels (1)
0 Karma

robertlynch2020
Influencer

Hi

https://community.splunk.com/t5/Splunk-Search/Is-there-a-way-to-monitor-the-number-of-files-in-the-d...

This gives me the current dispatch count - I am looking to make a time chart. Using rest _time does not come back so I can't make a time chart.

I am thinking if I run the command each minute in a saved search and output to a .csv with a timestamp that might work!

0 Karma

isoutamo
SplunkTrust
SplunkTrust
Are you looking dispatch directory or how many search jobs are running? If later then you can use _audit index to get number of jobs.
0 Karma

sainag_splunk
Splunk Employee
Splunk Employee

This has been answered here: https://community.splunk.com/t5/Splunk-Search/Is-there-a-way-to-monitor-the-number-of-files-in-the-d...

You can leverage this search and see if that helps for your monitoring.

index=_internal sourcetype=splunkd The number of search artifacts in the dispatch directory is higher than recommended TERM(count=*)
| timechart span=1h max(count)

 

 

Please upvote if this is helpful.

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...