Getting Data In

How to detect cause & source of Search delays on Splunk Ent. In a clustered SH + Indexer environment. Thank u

SamHTexas
Builder

This includes High priority mostly. How do I view a list & provide a solution please. The error indicating the delays shows up as error message on the Ent. & even the ES server we have. Thanks a million.

Labels (2)
Tags (1)
0 Karma

tshah-splunk
Splunk Employee
Splunk Employee

There's a dashboard in Monitoring Console which displays the list of scheduled searches, their skip ratio and also the reason for them being skipped. You can navigate to it from Settings -> Monitoring Console -> Search -> Scheduler Activity -> Scheduler Activity: Instance

Under this dashboard when you scroll down, there's a panel named "Count of Skipped Reports by Name and Reason

Let me know if this helps your objective.

---
If you find the answer helpful, an upvote/karma is appreciated

SamHTexas
Builder

How would I do this on the ES? Does the MC has to be in Distributed mode? Thx a bunch.

Tags (1)
0 Karma

tshah-splunk
Splunk Employee
Splunk Employee

Monitoring Console can work on Standalone mode as well. If you want the whole environment to be monitored via Monitoring Console, then all the Splunk Components should be added as distributed search peer to the monitoring console. You can find the related information here - https://docs.splunk.com/Documentation/Splunk/8.2.4/DMC/Addinstancesassearchpeers
https://docs.splunk.com/Documentation/Splunk/8.2.4/DMC/Deploymentsetupsteps 

To configure monitoring console for standalone environment, find reference here - https://docs.splunk.com/Documentation/Splunk/8.2.4/DMC/Configureinstandalonemode 
https://docs.splunk.com/Documentation/Splunk/8.2.4/DMC/Singleinstancesetup 

---
If you find the answer helpful, an upvote/karma is appreciated
0 Karma
Get Updates on the Splunk Community!

Avoid Certificate Expiry Issues in Splunk Enterprise with Certificate Assist

This blog post is part 2 of 4 of a series on Splunk Assist. Click the links below to see the other ...

Using Machine Learning for Hunting Security Threats

REGISTER NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more ...

Security Highlights | November 2022 Newsletter

 November 2022 2022 Gartner Magic Quadrant for SIEM: Splunk Named a Leader for the 9th Year in a RowSplunk is ...