Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Dashboard Performance - Saved Report or Inline Search

HeinzWaescher
Motivator
‎11-13-2013 03:21 AM

Hi,

I would like to set up some Dashboards to aggregate several search results on one page,
but I'm not sure about the exact difference between the "inline search" and "report"? Will the "inline search" run all searches again, so this type of panel will use a lot of performance (but will always be up to date)? Whereas the report-dashboard is using the results of each reports last run? So the report would be much better regarding performance issues?

Best

Heinz

Tags (2)
Reply

MuS
SplunkTrust
SplunkTrust
‎11-13-2013 04:29 AM

Hi HeinzWaescher,

like most of the Splunk related stuff; it all depends what you are trying to achieve.

For example

  • inline search cannot be accelerated, but can use saved search results
  • saved searches can be accelerated, if your result supports it (like stats output)
  • you can create a single dashboard with only one search and postprocess the result in different graphs if the base data for all graphs is the same, see this

In the end it is up to your needs and some try and error approach to setup THE dashboard for your needs.

Update: Not to forget the summary index and how to use it to increase report efficiency, see this docs


Hope this helps ...

cheers, MuS

Reply

HeinzWaescher
Motivator
‎11-13-2013 05:23 AM

Hey,

thanks for your answer. At the moment I just want to bring some results together and expected, that the results of saved searches and inline search are different in the dashboard. Because when I Clone a saved search to an inline search, Splunk tells me "The inline search: Will run every time the dashboard is loaded". So I expected that a saved search will use some kind of stored results and is much faster.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Continue Your Federation Journey: Join Session 3 of the Bootcamp Series

To help practitioners build a stronger foundation, we launched the Data Management & Federation ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Casting Call: Compete in Cyber Games

Lights, Camera, SecOps: Apply to Compete in Cyber Games     Think you have what it takes to beat the clock? ...