Thanks For Downloading!Review the documentation below and follow any custom installation steps. If no install steps are listed, most Splunk Apps and Add-ons can be installed as follows: Windows: Decompress the downloaded file using a tool like 7-Zip and place the resulting folder into Unix/Linux: Decompress the downloaded file using a tool like DescriptionAutomatically finds common problems in your splunk instance! Easy-to-use app that runs through the most common problems on splunk servers and in Splunk apps!
|
Short, sweet and simple - there should be more apps like this. Alternatively, these types of searches could simply be documented somewhere for everyone to view and use.
The best search on here so far is the "% of events pulled off disk that are actually used, for the worst offending savedsearch" - very enlightening...
I would keep building this out with some more searches. For example:
- Searches that are taking an inordinate amount of time to run in general
- Searches that take longer to run than the schedule they are running on (e.g. a search that runs every hour taking over an hour to complete)
- Searches that are on a ridiculous schedule (e.g. searches that run every 5 mins should probably be realtime)
- Searches that run according to a regular schedule, but look back much further in the past (e.g. searches that run every hour that look back over 30 days - suggest summary indexing should be used)
Thanks Paul! I'd love for you and others to suggest more searches and I'll add them.
a must have app! finds problems.
