Re: Splunk 6 REST API: Much slower than 5

twinspop · ‎12-10-2013

I upgraded our indexers to Splunk 6 about 3 weeks ago. Our monitoring scripts use the REST interface to hit Splunk. Since the upgrade, calls to the REST API have slowed considerably. (Showing 95th % search run time for the REST API user.)

Anyone else notice similar?

I'm just starting the investigation. (Didn't notice til this morning - doh!) Pointers to likely sources of the delay appreciated.

dball2 · ‎01-13-2016

I have a similar problem, a query in the UI is taking around 10sec, and via searches export it takes > 4mins. Using splunk cloud API.

Incredibly slow. Someone should look at that .

ineeman · ‎01-27-2014

What OS are you running on? Also, the UI ends up using the API as well, so it is odd it is much faster in the UI. In the search inspector for both jobs (ones started from the UI and ones from the API), do you see any marked difference, especially in the 'request' field (which should be a JSON dictionary)?

austremestephen · ‎01-27-2014

version 6 API response is very slow compared with version 5.

twinspop · ‎01-17-2014

For the record: In the case of one of my saved searches, I can run the exact same search through the GUI on the exact same indexer and get an answer back in 1.5s. If I use the API, the response takes 25-30s.

Splunk 6 REST API: Much slower than 5

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

Join the Conversation