Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Identify searches that take long time in a SH Cluster.

sarnagar
Contributor
‎03-09-2017 03:00 AM

Is there a way to find out which query i staking long time and consuming more CPU and memeory utilisation via a splunk query?

I m aware of the DMC, But since my DMC is available on ONLY the License server , I would like to run a query on SH to check this.

Is it possible? Kindly help.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ctaf
Contributor
‎03-09-2017 03:14 AM

Hi,

The rest "search/jobs" endpoint can help you:
http://docs.splunk.com/Documentation/Splunk/6.5.2/RESTREF/RESTsearch

Command:

|rest /services/search/jobs splunk_server=local

You have several interesting fields on which you can filter:
diskUsage, runDuration, performance

View solution in original post

Reply
Solved! Jump to solution

sloshburch
Splunk Employee
Splunk Employee
‎03-09-2017 11:53 AM

Hey @saranya_fmr - You're going to spend more time reinventing the wheel than just getting the DMC set up. I'll email you so we can get that going as it will be immensely more valuable and sooo easy to accomplish.

Spoiler Alert: http://docs.splunk.com/Documentation/Splunk/latest/DMC/Deploymentsetupsteps

Reply
Solved! Jump to solution
Solution

ctaf
Contributor
‎03-09-2017 03:14 AM

Hi,

The rest "search/jobs" endpoint can help you:
http://docs.splunk.com/Documentation/Splunk/6.5.2/RESTREF/RESTsearch

Command:

|rest /services/search/jobs splunk_server=local

You have several interesting fields on which you can filter:
diskUsage, runDuration, performance

Reply
Solved! Jump to solution

saranya_fmr
Communicator
‎03-09-2017 03:28 AM

Hi @ctaf ,

Could you please how to filter out the results such that I can view only certain fields that I want, cos this search produces loads of info.

0 Karma
Reply
Solved! Jump to solution

ctaf
Contributor
‎03-09-2017 04:33 AM

You can always filter the fields with the table command. Here is an example:

|rest /services/search/jobs splunk_server=local  | table author, title, dispatchState diskUsage, runDuration
0 Karma
Reply
Get Updates on the Splunk Community!

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies Olga Malita The ...