All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Timeline graph slow in rendering for large data

AKG1_old1
Builder
‎11-13-2018 09:08 AM

Hello,

I am using Time line in my dashboard. In case of large data say 10k, it takes 2-3 minutes to render on screen. Eventhough my query finished in only 1 sec. Even my whole dashboard freeze during rendering.

Is there any workaround for this issue ?

Timeline App Version = 1.1.0

Search Query:

| tstats summariesonly=true max(All_TPS_Logs.duration) AS duration max(All_TPS_Logs.context.id) AS ID values(All_TPS_Logs.Engine_ID) AS Engine_ID values(All_TPS_Logs.no_of_threads) AS No_of_Threads values(All_TPS_Logs.operationIdentity) AS operationIdentity FROM datamodel=TPS_V5 WHERE (nodename=All_TPS_Logs host=Luas_TestCampaign_PI9 All_TPS_Logs.operationIdentity="*processBatch*" All_TPS_Logs.Engine_ID = "196") GROUPBY All_TPS_Logs.riskGroup, _time span=1s
| rename All_TPS_Logs.riskGroup as riskGroup
| makemv riskGroup delim="\s" 
| eval RiskGroup_ID=riskGroup."_".ID
| sort 0 _time
| table _time RiskGroup_ID No_of_Threads duration

alt text

Preview file
1 KB
0 Karma
Reply

bandit
Motivator
‎11-13-2018 07:11 PM

Try moving your where clause before the first pipe, right before the FROM datamodel syntax. This should cause fewer records to be returned from the first part of the query. If that doesn't work, try pasting your full query as it's hard to see from just the screenshot.

Reply

AKG1_old1
Builder
‎11-14-2018 02:40 AM

@rob_jordan : thanks for reply. I have added search query in question. I have changed where clasue as you suggested but it doen't make much difference. If I convert results in table then its really quick. I think issue is with Timeline chart. we are using Timeline is few other dashboards and all of them are slow for large data.

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...