Solved: Identify searches that take long time in a SH Clus...

sarnagar · ‎03-09-2017

Is there a way to find out which query i staking long time and consuming more CPU and memeory utilisation via a splunk query?

I m aware of the DMC, But since my DMC is available on ONLY the License server , I would like to run a query on SH to check this.

Is it possible? Kindly help.

ctaf · ‎03-09-2017

Hi,

The rest "search/jobs" endpoint can help you:
http://docs.splunk.com/Documentation/Splunk/6.5.2/RESTREF/RESTsearch

Command:

|rest /services/search/jobs splunk_server=local

You have several interesting fields on which you can filter:
diskUsage, runDuration, performance

View solution in original post

sloshburch · ‎03-09-2017

Hey @saranya_fmr - You're going to spend more time reinventing the wheel than just getting the DMC set up. I'll email you so we can get that going as it will be immensely more valuable and sooo easy to accomplish.

Spoiler Alert: http://docs.splunk.com/Documentation/Splunk/latest/DMC/Deploymentsetupsteps

ctaf · ‎03-09-2017

Hi,

The rest "search/jobs" endpoint can help you:
http://docs.splunk.com/Documentation/Splunk/6.5.2/RESTREF/RESTsearch

Command:

|rest /services/search/jobs splunk_server=local

You have several interesting fields on which you can filter:
diskUsage, runDuration, performance

saranya_fmr · ‎03-09-2017

Hi @ctaf ,

Could you please how to filter out the results such that I can view only certain fields that I want, cos this search produces loads of info.

ctaf · ‎03-09-2017

You can always filter the fields with the table command. Here is an example:

|rest /services/search/jobs splunk_server=local  | table author, title, dispatchState diskUsage, runDuration

Identify searches that take long time in a SH Cluster.

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!