Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Graph of log count only and avoid search result system load because there are soooo many events to return.

agoktas
Communicator
‎01-26-2016 10:15 AM

I have a few searches I want to dashboard that display log events over a week, then another graph for events over a month.

The problem is that there are millions of events weekly and am curious if there is an optimized way I can display log counts w/o a huge search that will take too long.

So really to query the number of items, but not return event specific detail/results.

Thanks!

Tags (1)
0 Karma
Reply

somesoni2
Revered Legend
‎01-26-2016 10:38 AM

It would be tough to suggest you something without looking at your queries, but you can utilize summary indexing to pre-calculate the daily/weekly/monthly summary data you want and run your dashboard on summary data. See more details here

http://docs.splunk.com/Documentation/Splunk/6.0.2/Knowledge/Usesummaryindexing

http://www.splunk.com/view/SP-CAAACZW

https://wiki.splunk.com/Community:Summary_Indexing

0 Karma
Reply
Get Updates on the Splunk Community!

Data Preparation Made Easy: SPL2 for Edge Processor

By now, you may have heard the exciting news that Edge Processor, the easy-to-use Splunk data preparation tool ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Tips & Tricks When Using Ingest Actions

Tune in to learn about:Large scale architecture when using Ingest ActionsRegEx performance considerations ...