skipped searches and why

_internal
sedi
You already voted!

Quickly identify high amounts of skipped searches in your cluster or standalone SH(s):

index = _internal skipped sourcetype=scheduler status=skipped host=[your splunk SH(s)] 
| stats count by app search_type reason savedsearch_name 
| sort -count

Adjust “[your splunk SH(s)]” to the SH(s) you want to check obviously ;)

Share This:

Tagged: optimization Performance skipped

Leave A Comment? Click here to cancel reply.

Newest | Active

banshee

Active 1 day, 2 hours ago
Яромир

Active 1 day, 8 hours ago
Борис

Active 1 day, 20 hours ago
Sanjai

Active 1 week ago
bewafaha

Active 1 week, 2 days ago