Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

saved search to improve the dashboard performance

selvam_sekar
Path Finder
‎12-20-2023 10:48 PM

Hi,

My dashboard seems to be taking around 1.3 mints to load the data for multiple panels and sometime it takes around 4 mints to load the data. My client come up with an requirement to get 'auto refresh" feature  enabled for the dashboard with 15 mints intervals.

I used base search and the base search intern uses the | tstats. I am not familiar with save search or scheduled serch or loadjob.

Please could you advise? how to implement the feature

Thanks,

Selvam.

 

Labels (2)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎12-20-2023 10:54 PM

Hi @selvam_sekar,

you have some methods to accelerate your search that youcan find described at https://docs.splunk.com/Documentation/Splunk/9.1.2/Knowledge/Aboutsummaryindexing

My hint is to use Datamodels or Summary indexes.

About the second, you have to schedule your searches with a frequency to defin based on the time for the search execution and your refresh requirements.

So you can save the results in a summary index and then run your search on the aggregated values that you have in the summary index.

Ciao.

Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎12-20-2023 10:54 PM

Hi @selvam_sekar,

you have some methods to accelerate your search that youcan find described at https://docs.splunk.com/Documentation/Splunk/9.1.2/Knowledge/Aboutsummaryindexing

My hint is to use Datamodels or Summary indexes.

About the second, you have to schedule your searches with a frequency to defin based on the time for the search execution and your refresh requirements.

So you can save the results in a summary index and then run your search on the aggregated values that you have in the summary index.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

selvam_sekar
Path Finder
‎12-20-2023 11:18 PM

sure, thanks for the note @gcusello . summary index or scheduled search both are same?

 

Please could you suggest, how to implement the scheduled search ?

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎12-21-2023 01:58 AM

Hi @selvam_sekar,

they are two different thing to use in different situations:

sheduled searches can be used when you have a fixed search to display in a panel, e.g. to replace a Real Time Search.

Summeary index is the best solution if you want to pre-elaborate your results and leave the users to aggregate as whey want the already elaborated results.

I usually use summary indexes.

Ciao.

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...