Each query that runs in the Humio cluster uses CPU and I/O resources, but how much varies from one query to another. Using the Query Monitor, cluster administrators can determine which query has the largest impact right now, or over the query's runtime. If a query is using too many resources, it can be temporarily shut down or completely blocked, which prevents it from being run again.
The Query Monitor contains information about the queries running in the cluster. The main part of the Query Monitor is the tabular view that shows the top 1000 queries running, based on which columns you selected for sorting. By default, it sorts by the total cost of queries. The cost of a query is a combination of its CPU and memory usage. The Static and Live Cost columns reflect how much CPU and memory Humio used on historic and live queries, respectively.
By default, Humio shows information about the last 30 seconds of each query, but it’s possible to change the setting to show the full length of a query’s lifetime by clicking Total to the right of the Last 30 seconds button. The length of the lifetime of a query is shown in the Age column.
When selecting a query, you can see additional information in the bottom drawer. The Clients tab contains a list of all the clients using this query at the moment. If a query is using too many resources, or if you want to stop it for any other reason, look under the Block & Kill tab in the bottom drawer.
You can look up queries based on the content of either the query string or the query prefix (if one exists), and also by the repository the query was executed against. You do this by using the text input box above the tabular list of queries.
In the topmost part of the Query Monitor, you can see how many queries are running and how many clients are connected in total. In addition, you can see the estimated number of bytes that Humio needs to load from disk in order for the currently running queries to finish processing the historic parts of the query.