Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Real Time Searches

nikhilmehra79
Path Finder
‎12-31-2013 02:25 PM

Any disadvantages if we are running real time searches and alerting using those, currently we are testing few functionalities in Dev/PreProd - but want to pick brain of exp community members if they can point to performance degradation issues if you run real time searches say Every Minute of less - and alert on them, or is better to increase time duration or Schedule searches...please advise.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

linu1988
Champion
‎12-31-2013 02:59 PM

Hello Nikhil,
Real-Time searches does require CPU most of the time. But unless necessary you can just schedule them to run every 1 min/2 mins. The real-time alerts definitely works and depends on your server configuration how much it can dedicate for alerts ,dedicated searches for user, scheduled searches. You can take a look in limits.conf for the CPU and search calculations.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

linu1988
Champion
‎12-31-2013 02:59 PM

Hello Nikhil,
Real-Time searches does require CPU most of the time. But unless necessary you can just schedule them to run every 1 min/2 mins. The real-time alerts definitely works and depends on your server configuration how much it can dedicate for alerts ,dedicated searches for user, scheduled searches. You can take a look in limits.conf for the CPU and search calculations.

0 Karma
Reply
Solved! Jump to solution

nikhilmehra79
Path Finder
‎12-31-2013 04:13 PM

Thanks...so i am assuming advisable will be to schedule searches every 5-15 minutes etc (depend on your need as against doing same using Real time searches)

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...