Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is it more efficient to search in the main index with data from the summary index?

vijaykumartcs
Explorer
‎09-27-2017 12:43 AM

i have created a dashboard with 6 panel's, with last 7days time frame (from today) for transaction's count between the A-b, B-c, C-D applications, daily more than 1lakh + transactions are flowing, no i want to use summary index for improving the performance.

As summary index run's fast searches, My requirement is, i want to use the regular index for capturing today's data and for last 6 days it should capture the data from summary index.

Please help me with the queries and commands which i can use.

0 Karma
Reply

harsmarvania57
Ultra Champion
‎09-27-2017 02:08 AM

Hi @vijaykumartcs,

You can use append command in your splunk query so your query will be index=<index name> earliest=@d latest=now .... your search..... | append [ search index=<summary index> earliest=-7d@d latest=@d ..... your search ..... ]

You can change earlist and latest value based on your requirement.

Thanks,
Harshil

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...