Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Splunk 7.x Quick Start Guide Gain business data insights from operational intelligence

Product type Paperback

Published in Nov 2018

Publisher Packt

ISBN-13 9781789531091

Length 298 pages

Edition 1st Edition

Tools

Splunk

Concepts

Operational Intelligence

Author (1):

James H. Baxter

View More author details

Table of Contents (12) Chapters

Preface

1. Introduction to Splunk FREE CHAPTER

2. Architecting Splunk

3. Installing and Configuring Splunk

4. Getting Data into Splunk

5. Administering Splunk Apps and Users

6. Searching with Splunk

7. Splunk Knowledge Objects

8. Splunk Reports, Dashboards, and Alerts

9. Splunk Applications

10. Advanced Splunk

11. Other Books You May Enjoy

Leave a review - let other readers know what you think

Performance and capacity

In this section, I'll provide a few searches that are helpful for interrogating some performance and capacity aspects of your Splunk deployment; these are in addition to a number of useful displays you can get from the Monitoring Console, which we'll cover in the 'Splunk monitoring console' section of this chapter shortly:

How quickly are indexers responding to search heads? (run on a search head) This could identify a search that is poorly written. The results indicate the search ID (search_id), and you can match the values in the results to directory names in the $SPLUNK_HOME/var/run/splunk/dispatch directory if you want to inspect the search artifacts. Here's the search:

index=_internal source=*remote_searches.log 
| stats max(elapsedTime) as MaxElapsedTime by server, search_id 
| convert num(MaxElapsedTime) | where MaxElapsedTime...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (1)

James H. Baxter

James H Baxter is the owner/CEO of Machine Data Insights, Inc., a certified Splunk architect, and a developer and machine learning practitioner with over 35 years of experience in various engineering and analysis disciplines, including radio/satellite; networks; capacity and performance modelling; speech technology; packet-level analysis; programming; and Splunk architecture, administration, and machine learning solutions for companies including MCI, IBM, BP, Disney, and AMEX. James is also a private pilot and holds an Extra class amateur radio and FCC Radiotelephone license. You can reach him at LinkedIn at James H. Baxter.

See other products by James H. Baxter