Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

UX Design idea - timerange picker increment/decrement?

inventsekar
SplunkTrust
SplunkTrust
‎10-05-2018 05:52 AM

Hi All,

This is another idea myself and my friends discussed in a UX Design classes..

Lets take a scenario / Use Case - i search for logs from a few servers for the past 60 mins.. The search runs for, around 70 seconds and then i get around "N" events (Precisely, the inspect job says — This search has completed and has returned 1,000 results by scanning 2,740,128 events in 73.46 seconds).

Now, i would like to go for another 10 mins(past 70 mins). Now, i should update the time range picker for 70 mins and run the search again. And then, search runs for another 100 seconds.. (Precisely — This search has completed and has returned 1,000 results by scanning 3,106,208 events in 103.652 seconds)

so, when we run searches like this, if splunk runs just for that particular 10 mins and adds the results to first search results, we could get get same results, importantly, much faster.
(assuming that events came in serial wise(chronologically))

EDIT - in Search UI, this kind of Custom behavior does not seem generic use case (to be applicable for all searches). ///
yep, this does not a generic user case applicable for all searches. but most of the new users and troubleshooting users will do these kind searches all the times.

let me say - a user search for something.. he didnt get the expected results.. he has to increment or decrement the timerange. then, splunk has to "reinvent the wheel"(do the same search which it just ran along with little more +or- on timerange).

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply

ddrillic
Ultra Champion
‎10-05-2018 12:17 PM

If performance is an issue and you have a particular search query , then acceleration is the way.

0 Karma
Reply

niketn
Legend
‎10-05-2018 07:13 AM

Refer to my answer for your other Search UI related question: https://answers.splunk.com/answers/686886/any-ideassuggestions-about-an-ux-design-idea-for-t.html

If you want Splunk Search behavior specific to your requirements you can create your own SearchView using Splunk JS Stack. Refer to Splunk Web Framework documentation on Splunk Dev Site like http://dev.splunk.com/view/SP-CAAAEM7#searchcontrols

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎10-08-2018 12:28 AM

Hi @niketnilay.. let me check both links.. thanks.

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply

niketn
Legend
‎10-05-2018 06:52 AM

@inventsekar in Search UI, this kind of Custom behavior does not seem generic use case (to be applicable for all searches). But you can build this kind of use case in Dashboard if you have this as your use-case or requirement.

Unless I have completely misunderstood the question.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply

inventsekar
SplunkTrust
SplunkTrust
‎10-08-2018 12:36 AM

in Search UI, this kind of Custom behavior does not seem generic use case (to be applicable for all searches). ///
yep, this does not a generic user case applicable for all searches. but most of the new users and troubleshooting users will do these kind searches all the times.

let me say - a user search for something.. he didnt get the expected results.. he has to increment or decrement the timerange. then, splunk has to "reinvent the wheel"(do the same search which it just ran along with little more +or- on timerange).

Hope you are clear this use-case now.

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...