Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do you control look ups in a multi-panel dashboard?

sarge338
Explorer
‎04-03-2019 11:08 AM

Hello

I have a regular report that I have to provide to a customer, and we are utilizing Splunk as the mechanism to retrieve the data from the source. The dataset is too large to pull down and process locally, so I have several different look-ups written to pull specific data views for the report. However, since we are connecting to an external database to pull the data, I would like to limit the "hit" that database takes at one time.

With that said, is there a way to "control" how Splunk executes panel look ups? For instance, panel 1 executes immediately. After panel one contains data, panel 2 executes. After panel 2 contains data, panel 3 executes. And so on...

I have seen one strategy that basically has sub-searches off of one master search's data, but again, that data set would be so big, I don't know that a master search would even complete. Hence, I am looking for other options. Otherwise, I will continue to have to run individual look ups manually, which is not efficient.

Thank you.

0 Karma
Reply

niketnilay
Legend
‎04-03-2019 11:23 AM

@sarge338 refer to one of my answers which runs the searches one at a time only after previous one completes.

https://answers.splunk.com/answers/683826/how-do-you-set-the-order-of-queries-to-be-run-in-a.html

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

sarge338
Explorer
‎04-03-2019 12:06 PM

@niketnilay that looks JUST like what I'm looking for! I'll give that a shot, and let you know how it goes!

Thanks!!

0 Karma
Reply

sarge338
Explorer
‎05-06-2019 06:37 AM

That worked beautifully! Now my entire dashboard can populate without straining the database.

Thanks!!

0 Karma
Reply
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!