Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Identify searches that take long time in a SH Cluster.

sarnagar
Contributor
‎03-09-2017 03:00 AM

Is there a way to find out which query i staking long time and consuming more CPU and memeory utilisation via a splunk query?

I m aware of the DMC, But since my DMC is available on ONLY the License server , I would like to run a query on SH to check this.

Is it possible? Kindly help.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ctaf
Contributor
‎03-09-2017 03:14 AM

Hi,

The rest "search/jobs" endpoint can help you:
http://docs.splunk.com/Documentation/Splunk/6.5.2/RESTREF/RESTsearch

Command:

|rest /services/search/jobs splunk_server=local

You have several interesting fields on which you can filter:
diskUsage, runDuration, performance

View solution in original post

Reply
Solved! Jump to solution

sloshburch
Splunk Employee
Splunk Employee
‎03-09-2017 11:53 AM

Hey @saranya_fmr - You're going to spend more time reinventing the wheel than just getting the DMC set up. I'll email you so we can get that going as it will be immensely more valuable and sooo easy to accomplish.

Spoiler Alert: http://docs.splunk.com/Documentation/Splunk/latest/DMC/Deploymentsetupsteps

Reply
Solved! Jump to solution
Solution

ctaf
Contributor
‎03-09-2017 03:14 AM

Hi,

The rest "search/jobs" endpoint can help you:
http://docs.splunk.com/Documentation/Splunk/6.5.2/RESTREF/RESTsearch

Command:

|rest /services/search/jobs splunk_server=local

You have several interesting fields on which you can filter:
diskUsage, runDuration, performance

Reply
Solved! Jump to solution

saranya_fmr
Communicator
‎03-09-2017 03:28 AM

Hi @ctaf ,

Could you please how to filter out the results such that I can view only certain fields that I want, cos this search produces loads of info.

0 Karma
Reply
Solved! Jump to solution

ctaf
Contributor
‎03-09-2017 04:33 AM

You can always filter the fields with the table command. Here is an example:

|rest /services/search/jobs splunk_server=local  | table author, title, dispatchState diskUsage, runDuration
0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...