Searches to check search concurrency for historical or real time

_internal
rsimmons
You already voted!

The following Splunk search will output historical or real time concurrency in a timechart by host.

*NOTE* Change the text <search_head> to your search heads name, alternatively use a *.

index=_internal host= source=*metrics.log group=search_concurrency "system total" NOT user=* | timechart max(active_hist_searches) by host

index=_internal host= source=*metrics.log group=search_concurrency "system total" NOT user=* | timechart max(active_realtime_searches) by host

Share This:

Tagged: audit concurrency internal search users

Leave A Comment? Click here to cancel reply.

Newest | Active

banshee

Active 4 hours, 59 minutes ago
Яромир

Active 10 hours, 42 minutes ago
Борис

Active 23 hours, 31 minutes ago
Sanjai

Active 6 days, 14 hours ago
bewafaha

Active 1 week, 1 day ago