Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

long running job

surekhasplunk
Communicator
‎08-23-2020 07:42 PM

Hi,

I have written a query to generate lookup file for last 30days, which is taking  a lot of time like almost 4 hours which is high on cpu. So can is there a option to run query everyday but run only for last 24 hours and append to the same lookup file generated yesterday, so that the dashboard populates quickly with all the 30days data post comparison

Labels (1)
Labels
Tags (2)
0 Karma
Reply

Nisha18789
Builder
‎08-23-2020 10:52 PM

Hello @surekhasplunk , yes that possible, like below

<your query to generate the data for last 24 hour>| outputlookup <lookup name.csv> append=true

Also, you can use summary index fir storing this data in case the lookup has a chance to get very bulky with time.

0 Karma
Reply

surekhasplunk
Communicator
‎08-24-2020 12:32 AM

thanks @Nisha18789 

So in case i use summary index, i have to schedule it to run everyday for last 24hrs ?

or once in a month with last 30 days ?

Also it will impact the license usage right where as when we write to lookup file it wont affect the license usage

Please explain

 

0 Karma
Reply

Nisha18789
Builder
‎08-24-2020 03:42 AM

Hi @surekhasplunk , running after midnight , for previous day will be good.

Also, logging to summary index does not add to license usage as this data is already ingested in your original index.

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...