Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Identify searches that take long time in a SH Cluster.

sarnagar
Contributor
‎03-09-2017 03:00 AM

Is there a way to find out which query i staking long time and consuming more CPU and memeory utilisation via a splunk query?

I m aware of the DMC, But since my DMC is available on ONLY the License server , I would like to run a query on SH to check this.

Is it possible? Kindly help.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ctaf
Contributor
‎03-09-2017 03:14 AM

Hi,

The rest "search/jobs" endpoint can help you:
http://docs.splunk.com/Documentation/Splunk/6.5.2/RESTREF/RESTsearch

Command:

|rest /services/search/jobs splunk_server=local

You have several interesting fields on which you can filter:
diskUsage, runDuration, performance

View solution in original post

Reply
Solved! Jump to solution

sloshburch
Splunk Employee
Splunk Employee
‎03-09-2017 11:53 AM

Hey @saranya_fmr - You're going to spend more time reinventing the wheel than just getting the DMC set up. I'll email you so we can get that going as it will be immensely more valuable and sooo easy to accomplish.

Spoiler Alert: http://docs.splunk.com/Documentation/Splunk/latest/DMC/Deploymentsetupsteps

Reply
Solved! Jump to solution
Solution

ctaf
Contributor
‎03-09-2017 03:14 AM

Hi,

The rest "search/jobs" endpoint can help you:
http://docs.splunk.com/Documentation/Splunk/6.5.2/RESTREF/RESTsearch

Command:

|rest /services/search/jobs splunk_server=local

You have several interesting fields on which you can filter:
diskUsage, runDuration, performance

Reply
Solved! Jump to solution

saranya_fmr
Communicator
‎03-09-2017 03:28 AM

Hi @ctaf ,

Could you please how to filter out the results such that I can view only certain fields that I want, cos this search produces loads of info.

0 Karma
Reply
Solved! Jump to solution

ctaf
Contributor
‎03-09-2017 04:33 AM

You can always filter the fields with the table command. Here is an example:

|rest /services/search/jobs splunk_server=local  | table author, title, dispatchState diskUsage, runDuration
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...