Hi @alexspunkshell, At first, some quick questions: what's your hardware configuration (CPUs and RAM)? did you used the recommended hardware references? https://docs.splunk.com/Documentation/Splunk/8.2.1/Capacity/Referencehardware which apps are you using? Enterprise Security, Security Essentials, etc... what storage are you using? (Splunk recommends at least 800 IOPS). If you're using a correct HW configuration and you haven't special requirements from some App, you can see if there are some heavy scheduled searches that make your system busy. E.g., if you're using Real Time Searches, you tale a CPU for each search you're sunning, so if you have some real time search with one or two subsearches you're filling your system. Then, are you usung searches with transaction or join commands? they are very expensive for resources. You can check the running searches, as @richgalloway said, using the Monitoring Console [Settings -- Resource Usage -- CPU Usage: Instance]. Ciao. Giuseppe
... View more