My Splunk server has high CPU usage and I saw a bunch of splunkd processes like the one below:
search --id=admin__admin__search__search9_xxxxx.yyyyy --maxbuckets=0 --ttl=600 --maxout=500000 --maxtime=8640000 --lookups=1 --reduce_freq=10 --user=admin --pro --roles=admin:can_delete:power:user
These searches seem to run periodically.
How could I look up the names of scheduled/ad-hoc searches by these search_ids and, furthermore, retrieve the search query content?