Splunk Search

Query to get the search which consumed more memory and CPU for the past 1 hour

msplunk33
Path Finder

SPL query to get the ADHOC search or saved search (with user info) which consumed maximum memory and CPU for the past 1 hour

Labels (1)
Tags (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Is that a question or an offer?  If the former, what have you tried so far?  Have you checked the Monitoring Console?

---
If this reply helps you, an upvote would be appreciated.
0 Karma

msplunk33
Path Finder

Sorry for the vague question. It is a question. I want run the query to get this value so that I can make a  scheduled report.

0 Karma
Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.