All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

SQL DBX Query is taking 500 seconds to execute the query

Ashwini008
Builder
‎09-16-2021 11:30 AM

Hi,

I am using dbxquery to fetch around 800000 data from database into splunk

| dbxquery connection=x query="select * from table002 " shortnames=t maxrows=800000

The above query is taking around 500 seconds.The default maxrow is 1000 in dbxquery.py script.How do reduce the time taken without impaction performance of my server?

P.S | noop search_optimization=false This doesnt improve my search time

 

Ashwini008_0-1631817021695.png

 

 

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎09-16-2021 12:03 PM

Firstly - do I understand correctly from your log that you're returning several hundred thousand records from db query and then do a search filtering it down to 27 records? If so, that's kinda... unwise.

Secondly - what's your memory status? (free, used, swap and so on. Are you not swapping out?

Thirdly - if you do a "normal" query using a bare cli client - does it also take that long? In short - are you sure it's splunk's fault?

0 Karma
Reply
Get Updates on the Splunk Community!

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...