Dashboards & Visualizations

Is there a concept of caching in Splunk 6.2.1 or the option of using a lookup table to make a dashboard drop-down load faster?

vdevarayan
Path Finder

I have 50+ million lines forwarded to an index.
It is in csv format and here is an example:
timestamp,teamname,buildnumber,url,latency,responsecode, (and few other fields)

Now, i am creating a dashboard with 2 drop-downs at the top.
First drop-down is unique teamname
Second drop-down is unique buildnumber based on the teamname (first drop-down)

The issue i have is that the first drop-down takes minutes to load.
Is there a way to make this any faster?
Is it possible to cache this ?
or using a lookup table an option here?

I am on version 6.2.1

Thanks

0 Karma

jeffland
SplunkTrust
SplunkTrust

You could schedule a saved search which outputs the teamnames to csv and load those into your dropdown (http://docs.splunk.com/Documentation/Splunk/6.2.2/SearchReference/Outputcsv and http://docs.splunk.com/Documentation/Splunk/6.2.2/SearchReference/inputlookup).
Depending on how fresh your data has to be, you could run this search once per night, so your dropdown has results that are up to date each day. If you need more recent (i.e., hourly) data, you could also do a second search over a timeframe of the last 24 hours which starts on loading the dashboard and conditionally add any new results from that search to your dropdown dynamically.

But if I understood your sitation correctly, you have a large data basis with many "historic" events, so it may be more efficient to do a search over all your data once to get a basis for the teamnames and then only search once per day for any new entries which could then be added to your list teamnames. I am not sure if you need to do this by hand (e.g. create a csv file), or if this is somehow inbuilt with accelerated splunk reports.

0 Karma
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...