Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is it more efficient to search in the main index with data from the summary index?

vijaykumartcs
Explorer
‎09-27-2017 12:43 AM

i have created a dashboard with 6 panel's, with last 7days time frame (from today) for transaction's count between the A-b, B-c, C-D applications, daily more than 1lakh + transactions are flowing, no i want to use summary index for improving the performance.

As summary index run's fast searches, My requirement is, i want to use the regular index for capturing today's data and for last 6 days it should capture the data from summary index.

Please help me with the queries and commands which i can use.

0 Karma
Reply

harsmarvania57
Ultra Champion
‎09-27-2017 02:08 AM

Hi @vijaykumartcs,

You can use append command in your splunk query so your query will be index=<index name> earliest=@d latest=now .... your search..... | append [ search index=<summary index> earliest=-7d@d latest=@d ..... your search ..... ]

You can change earlist and latest value based on your requirement.

Thanks,
Harshil

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...