Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is it more efficient to search in the main index with data from the summary index?

vijaykumartcs
Explorer
‎09-27-2017 12:43 AM

i have created a dashboard with 6 panel's, with last 7days time frame (from today) for transaction's count between the A-b, B-c, C-D applications, daily more than 1lakh + transactions are flowing, no i want to use summary index for improving the performance.

As summary index run's fast searches, My requirement is, i want to use the regular index for capturing today's data and for last 6 days it should capture the data from summary index.

Please help me with the queries and commands which i can use.

0 Karma
Reply

harsmarvania57
Ultra Champion
‎09-27-2017 02:08 AM

Hi @vijaykumartcs,

You can use append command in your splunk query so your query will be index=<index name> earliest=@d latest=now .... your search..... | append [ search index=<summary index> earliest=-7d@d latest=@d ..... your search ..... ]

You can change earlist and latest value based on your requirement.

Thanks,
Harshil

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI! Discover how Splunk’s agentic AI ...

[Puzzles] Solve, Learn, Repeat: Dereferencing XML to Fixed-length events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...