Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Highlighted

Is it more efficient to search in the main index with data from the summary index?

vijaykumartcs
New Member
‎09-27-2017 12:43 AM

i have created a dashboard with 6 panel's, with last 7days time frame (from today) for transaction's count between the A-b, B-c, C-D applications, daily more than 1lakh + transactions are flowing, no i want to use summary index for improving the performance.

As summary index run's fast searches, My requirement is, i want to use the regular index for capturing today's data and for last 6 days it should capture the data from summary index.

Please help me with the queries and commands which i can use.

0 Karma
Reply
Highlighted

Re: Is it more efficient to search in the main index with data from the summary index?

harsmarvania57
SplunkTrust
SplunkTrust
‎09-27-2017 02:08 AM

Hi @vijaykumartcs,

You can use append command in your splunk query so your query will be index=<index name> earliest=@d latest=now .... your search..... | append [ search index=<summary index> earliest=-7d@d latest=@d ..... your search ..... ]

You can change earlist and latest value based on your requirement.

Thanks,
Harshil

0 Karma
Reply