Using SplunkJS, I would like to pass a data object to a search manager so that it can be displayed in a visualization.
Basically I have a complex search that stitches together the state changes experienced by a UID to calculate the duration of each state and provide a timeline. I want to be able to visualize the data from 10 separate UIDs at a time. I have found that it's much more performant to gather each of the 10 results arrays separately and then aggregate them than it is to use other solutions I've explored (e.g. using | append).
Once I have the data object that is the aggregate of the 10 results, is there a way to pass that to a search manager and visualization?
@pgoldweic - I found this https://gist.github.com/tozevv/fcae39f5a5867c296246 and played around with it a little, but ended up going in a different direction. My problem was about search performance with data that already exists in Splunk, and I think my solution was too specific to be useful. The linked code might get you somewhere..
Thanks @camillak, it looks like the code is about creating a custom replacement for the search manager. It could certainly be useful if one is writing a Splunk app. However, I am writing apps outside of Splunk and would rather not have to do that kind of customization. But it's useful to know it's possible though. Thanks again!