I'm running Splunk 6.2, with the setup of 1 Search Head and 3 Indexers.
the users have been complaining for a while for slow response during searches.
The instances are running on VM's, each of them got 8 CPU cores and 16 GB of RAM - yet I think that maybe it is possible to change the setting that Splunk will use most of it since it doesn't !
the indexers are collecting data for up to 2 months, total of less than 10GB per day (all of them together).
any suggestions ? how do I test the speed ? how do I make it faster ?
... View more