Hi,
We have a single server machine, where Splunk enterprise edition is installed.
Configurations,
CPU - 1
Cores - 8
RAM - 32 GB
We have implemented several dashboards, charts and tables. Also, where more than 5 users will concurrently access these datas. Due to which, we faced lot of performance issue, such as waiting for queue or maximum concurrent search was reached.
Because of which we were forced to change the default configuration in limit.conf and update the following attributes,
max_searches_per_cpu=4
base_max_searches=6
Now, according to the formula,
No of Concurrent searches = 4 *(1*8) + 6 = 38 (as per my understanding it will handle 38 searches concurrently)
After the changes,
Where it reaches max of 56 concurrent searches and CPU usage of around 80 to 90 percent.
Questions,
Is this configuration is recommended? please suggest the nos for the attributes or alternate approach for the current system configurations?
Many thanks.
... View more