- Splunk Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- Splunk scheduled report filtering and dashboard pa...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I have a scheduled report in Splunk that runs nightly. It is accelerated for 7 days and runs back in time for 7 days also.
This report provides me comprehensive information about all my assets and respective information.
The report has about 10 million statistical records for our assets as we need.
When I reference my dashboard panels using this report, they error out complaining about "error fetching data" and it seems like it a huge data set thats why because it is fine with smaller data set. But when I open a report as normal in reports, it loads in less than 5 seconds.
I need to know if I add a report in a dashboard as a table, which I do, BUT is it possible to add dropdown filter menus to parse information from that huge report table or even the report by itself? OR how do I get the dashboard panels to load quicker when digging through this large report?
Report contents example:
Host, Barcode, Company, BusinessUnit, Location, ContactPerson
I want filters for Company, BusinessUnit, Location, ContactPerson so I can list Host, Barcode information associated with the selection from this huge data.
Thanks in-advance.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Where is the result of your accelerated report stored? Is that in an index or CSV file? In the dashboard, you can have a time picker to restrict the time range and additional fields to load by default [ as required]. Based on the filters selected by user, you can run the search against your index/lookup. If you have multiple panels, use base and post process search approach.
And if you still suffer with performance, you might want to look at creating a custom datamodel and storing the results/fields and use DM acceleration to get additional benefits and use tstats in your dashboards for performance.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Where is the result of your accelerated report stored? Is that in an index or CSV file? In the dashboard, you can have a time picker to restrict the time range and additional fields to load by default [ as required]. Based on the filters selected by user, you can run the search against your index/lookup. If you have multiple panels, use base and post process search approach.
And if you still suffer with performance, you might want to look at creating a custom datamodel and storing the results/fields and use DM acceleration to get additional benefits and use tstats in your dashboards for performance.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Lakshman, I figured a way via base and post process. Still taking long but a lot better than before! 🙂 TY!!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Glad it worked, pls accept the solution to close the thread. I also suggest to look at having a custom datamodel created for your use case with required fields and accelerate it, so you can use tstats to further improve performance.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Will do. THX!!
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
