Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why do I receive error "system wide historical concurrent searches quota has been reached"?

ankithreddy777
Contributor
‎01-05-2017 01:18 PM

we have 10 indexers with 16 CPU cores each. Our replication is 4
base_searches=6 and max_searches_per_cpu =1.

I am getting an error stating
"system wide concurrent searches has be reached, maximum=38 current=38".

I assume that if indexer has 16 cores, system wide limit should = base_searches+max_searches per_cpu*number of cpu=6+1*16 =22

But why I am getting the error with 38 limit?

0 Karma
Reply

sowings
Splunk Employee
Splunk Employee
‎01-05-2017 03:38 PM

This limit is actually enforced by the search head, not the indexers. The limit of 38 would be reflected as 6 + the number of cores in your search head, which I'm guessing is 32.

0 Karma
Reply

ankithreddy777
Contributor
‎01-06-2017 12:42 PM

My search head has 16 cores with max_searches_per_cpu setting =1

0 Karma
Reply

somesoni2
Revered Legend
‎01-05-2017 01:39 PM

Are you using Search Head Clustering?

0 Karma
Reply

ankithreddy777
Contributor
‎01-05-2017 01:45 PM

we are not using search head clustering

0 Karma
Reply

somesoni2
Revered Legend
‎01-05-2017 01:58 PM

Can you run following search see what is the numberOfCores identified by Splunk?

| rest /services/server/info splunk_server=local | table host numberOfCores
0 Karma
Reply

ankithreddy777
Contributor
‎01-05-2017 03:36 PM

Its giving number of cores on server(which is SH)= 16

0 Karma
Reply
Get Updates on the Splunk Community!

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

The Next-Gen Toolkit for Splunk Technology Add-on Development The Universal Configuration Console (UCC) ...

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...