I have 30 real-time e-mail alerts configured in Splunk.
In Splunk Manager, it shows that all these searches have been scheduled. I can see the timestamps for all these searches in the schedule column in manager.
However, when I visit the job manager window, I cannot find all these 30 jobs with status=running. I can find only 17 of them and 3 others, totaling 21.
The following settings have been applied to the limits.conf files found in /etc/system/local as well as /etc/system/default.
max_searches_per_cpu = 4
base_max_searches = 6
max_rt_search_multiplier = 3
My hardware has a CPU with 2 cores.
My Splunk version = 5.0.2