Splunk Search

What are "SummaryDirectory" processes referring to on an indexer?



I noticed some processes running on the indexer today with the phrase "SummaryDirector" in the command-line. Can someone tell me what those are and what they do?

I also see a bunch of "subsearch_summarize" processes on the search-head. What are these? Sorry, don't recall seeing either one of these in 6.1.

0 Karma


SummaryDirector processes are around the maintenance activities that Splunk runs in the background around search cache and summarization needed to ensure buckets and search are processed.

Most of this is defined in the limits.conf.spec file for more background.

There is another good answers post on some of this here as well: