×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Sweets000
Engager
Member since: ‎01-13-2025
‎06-23-2025
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎01-13-2025
View All

Re: Summarization searches not running on search h...

by in Splunk Enterprise Security
‎06-23-2025 11:19 PM
‎06-23-2025 11:19 PM
Thank you for the clear answer. Removed and working fine. Does Splunk ES documentation state this anywhere?  ... View more

Summarization searches not running on search head ...

by in Splunk Enterprise Security
‎06-19-2025 04:51 PM
‎06-19-2025 04:51 PM
Hello We deployed a new Splunk cluster containing a Cluster Manager, 3x SHC members, 6x Indexers. The cluster has hundreds of vCPUs in the SHC and Indexers, but after installing Enterprise Security 7.x we are seeing hundreds of skipped searches, specifically: The maximum number of concurrent historical scheduled searches on an instance or cluster reached The maximum number of concurrent auto-summarization searches reached Logs indicate the searches seem to be getting skipped on the CM (which only has 12 CPU cores). We followed the documentation to install ES on a distributed cluster: Install Splunk Enterprise Security in a search head cluster environment | Splunk Docs (We used the CM which is our deployer to push ES to the SHC via shcluster apps folder) Note: some summarization searches are running on the SHC members but the majority seem to be running on the CM. Would appreciate any ideas as this has me stumped! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-23-2025 08:14 PM
Karma given to
View All