I am executing a search like the following:
index=x sourcetype=t | eval {Property} = Value | stats latest by ID
This takes memory proportional to the amount of rows, and for all time, that m...
Hello, everyone!
I was encountered with weird problem. I have the following search:
| tstats `summariesonly` count by source, host, index, sourcetype | table source, host, index, sourcetype | stats...
We've recently run into some users that have run searches which resulted in Splunk Indexers crashing. I'm looking for some suggestions to A. prevent a user from running a high memory usage searchand...
...28GB memory, Raid 0 15K SAS + SSD cache) and much longer on the new hosted splunkstorm service. My question is if this level of performance should be expected for this amount of data and this type of search...
We had recently Search Heads crashing and it seems that queries which consume 11-12 GBs of memory cause the crashes.
We are trying the following search but it returns 0 results for the past w...
Does anyone have any ball park performance figures for what a kv store should perform like with 5mill+ entries for the specs below?
I have a kv store with around 5.5 million entries and it takes o...
Hi,
we are experiencing severe performance problems with a search head and could not really find a cause for this. So I hope to get a few more hints or ideas.
The problem shows in the SH being e...
...ound below queries . But couldn't get one for memory usage. Average CPU : index=os host=hostname sourcetype=cpu | multikv | search CPU="all" | eval pctCPU=100-pctIdle | stats avg(pctCPU) by host For m...
I'd like to have some opinions on the following search. We're not thrilled with it's performance, and I'm sure theres a lot of potential to improve it.
What is the search supposed to do: This i...
...arliest="01-12-2021T00:00:00" latest="02-12-2021T23:59:00" | stats values(_time) as Time by UserName | eval i = mvrange(0,20) | mvexpand i | eval reconnection=if(UserName==UserName, tonumber(mvindex(Time,i...