Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Graph of log count only and avoid search result system load because there are soooo many events to return.

agoktas
Communicator
‎01-26-2016 10:15 AM

I have a few searches I want to dashboard that display log events over a week, then another graph for events over a month.

The problem is that there are millions of events weekly and am curious if there is an optimized way I can display log counts w/o a huge search that will take too long.

So really to query the number of items, but not return event specific detail/results.

Thanks!

Tags (1)
0 Karma
Reply

somesoni2
Revered Legend
‎01-26-2016 10:38 AM

It would be tough to suggest you something without looking at your queries, but you can utilize summary indexing to pre-calculate the daily/weekly/monthly summary data you want and run your dashboard on summary data. See more details here

http://docs.splunk.com/Documentation/Splunk/6.0.2/Knowledge/Usesummaryindexing

http://www.splunk.com/view/SP-CAAACZW

https://wiki.splunk.com/Community:Summary_Indexing

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...