Splunk Search

What are "SummaryDirectory" processes referring to on an indexer?



I noticed some processes running on the indexer today with the phrase "SummaryDirector" in the command-line. Can someone tell me what those are and what they do?

I also see a bunch of "subsearch_summarize" processes on the search-head. What are these? Sorry, don't recall seeing either one of these in 6.1.

0 Karma


SummaryDirector processes are around the maintenance activities that Splunk runs in the background around search cache and summarization needed to ensure buckets and search are processed.

Most of this is defined in the limits.conf.spec file for more background.

There is another good answers post on some of this here as well:


State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!