Is there a search I can run that will identify expensive searches across our enterprise environment? We are finding many searches that users have set up that are causing our indexers to grind to a near halt at certain times of the day.
Take a look at 'Splunk on Splunk' as a plug-in. It's a great tool. This extends the standard stats (which I assume you've already seen) in the Search > Status > Search Activity info. SoS shows you the issues, whether disk-related, paging or memory.
Good luck 😉
Thanks Dave. Yes, I'm familiar with SoS and use it often. I guess more specifically I want to identify real-time searches and who is running them.
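
Added example, not part of the thread above: one way to answer both the original question and the follow-up is to rank users by search runtime from the audit index and separate out real-time searches. It assumes default audit logging, where search events in `_audit` carry the `user`, `info`, `search_id` and `total_run_time` fields and real-time search IDs begin with `rt_`; adjust the field names if your deployment differs.

```spl
index=_audit action=search (info=granted OR info=completed) search_id=*
| eval search_id=trim(search_id, "'")
| eval search_type=case(match(search_id, "^rt_"), "real-time", match(search_id, "^scheduler_"), "scheduled", true(), "ad hoc")
| stats count(eval(info="granted")) AS started, sum(total_run_time) AS total_runtime_s, max(total_run_time) AS longest_run_s BY user, search_type
| sort - total_runtime_s
```

Real-time searches only log `info=completed` when they are stopped, so the `started` count from `info=granted` events is the more reliable indicator of who is launching them.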