topic Speed up Search while in Getting Data In

Speed up Search while

splumtk1 — Wed, 30 Sep 2020 04:29:41 GMT

Hi Currently I have some JSON files in this structure :
{
{ Meta: .... }
{ Data: A,
B: [ {key: value_b1}, {key:value_b2} ... ]
}
In order to show the nested data properly, the JSON is transformed such each nested data is given individual Meta tags:
{
{ Meta: .... }
{ Data: B: {key:value_b1} }
}
{
{ Meta: .... }
{ Data: B: {key:value_b2} }
}
But this resulted in around 200,000 events per JSON file which slows down the dashboard searches, may I know what will be a good way to keep it to 1 events per JSON file while retaining the nested data structures?

Thank you

Re: Speed up Search while

to4kawa — Thu, 05 Mar 2020 07:51:06 GMT

the dashboard searches
what do you search?

to keep it to 1 events per JSON file while retaining the nested data structures?
I'm not sure what you say.
Statistics OR Events ?

If your JSON is valid, | spath is useful.
but But this resulted in around 200,000 events per JSON file
your query is not good, maybe.

Re: Speed up Search while

niketn — Thu, 05 Mar 2020 07:56:32 GMT

@splumtk1, if this is JSON data have you turned on INDEXED_EXTRACTION=json? If so are you using tstats in the query?