Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

saved search to improve the dashboard performance

selvam_sekar
Path Finder
‎12-20-2023 10:48 PM

Hi,

My dashboard seems to be taking around 1.3 mints to load the data for multiple panels and sometime it takes around 4 mints to load the data. My client come up with an requirement to get 'auto refresh" feature  enabled for the dashboard with 15 mints intervals.

I used base search and the base search intern uses the | tstats. I am not familiar with save search or scheduled serch or loadjob.

Please could you advise? how to implement the feature

Thanks,

Selvam.

 

Labels (2)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎12-20-2023 10:54 PM

Hi @selvam_sekar,

you have some methods to accelerate your search that youcan find described at https://docs.splunk.com/Documentation/Splunk/9.1.2/Knowledge/Aboutsummaryindexing

My hint is to use Datamodels or Summary indexes.

About the second, you have to schedule your searches with a frequency to defin based on the time for the search execution and your refresh requirements.

So you can save the results in a summary index and then run your search on the aggregated values that you have in the summary index.

Ciao.

Giuseppe

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎12-20-2023 10:54 PM

Hi @selvam_sekar,

you have some methods to accelerate your search that youcan find described at https://docs.splunk.com/Documentation/Splunk/9.1.2/Knowledge/Aboutsummaryindexing

My hint is to use Datamodels or Summary indexes.

About the second, you have to schedule your searches with a frequency to defin based on the time for the search execution and your refresh requirements.

So you can save the results in a summary index and then run your search on the aggregated values that you have in the summary index.

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

selvam_sekar
Path Finder
‎12-20-2023 11:18 PM

sure, thanks for the note @gcusello . summary index or scheduled search both are same?

 

Please could you suggest, how to implement the scheduled search ?

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎12-21-2023 01:58 AM

Hi @selvam_sekar,

they are two different thing to use in different situations:

sheduled searches can be used when you have a fixed search to display in a panel, e.g. to replace a Real Time Search.

Summeary index is the best solution if you want to pre-elaborate your results and leave the users to aggregate as whey want the already elaborated results.

I usually use summary indexes.

Ciao.

Giuseppe

P.S.: Karma Points are appreciated 😉

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...