Since these match the startup messages in Splunk, it’s a pretty good assumption that our search heads in this deployment are c5.9xl and c5.18xl instances, respectively.
Curious about other instances in your environment (such as indexers)? You can do the same type of search by simply changing the host entry from
host="sh-*.splunkcloud.com" to something like
host="idx-*.splunkcloud.com" instead. Note that these are typically i3 or i3en instances in most current Splunk Cloud stacks. Also, if you’re trying to identify the resources on any system sending data to Splunk, this approach works for universal forwarders too.
Having a quick way to determine what CPU and memory resources are available on your Splunk search head can help you be better informed when troubleshooting potential issues in your environment.