Solved: Re: how to speedup search machine data?

ugy · ‎04-03-2014

Hello everyone... 🙂

My Data is under type...
|TAG01|TAG02|TAG03|
|434.1|444.0|42.7|
|420.1|424.5|40.6|
|470.3|453.8|43.5|
|452.6|413.6|40.4|
|429.3|419.3|44.7|

I'd like to check realtime data in Splunk Gauge, So, I use this search
"index=myindex | timechart latest(TAG01)"

How to speedup search?

If use accelation Report, Can i use latest or first?

Thanks.

martin_mueller · ‎04-03-2014

If you're just displaying a single value, you should be able to speed up your realtime search like this:

index=myindex TAG01=* | tail 1 | table TAG01

View solution in original post

martin_mueller · ‎04-03-2014

If you're just displaying a single value, you should be able to speed up your realtime search like this:

index=myindex TAG01=* | tail 1 | table TAG01

martin_mueller · ‎04-03-2014

For a line chart you're probably looking for something like this:

index=myindex TAG01=* | timechart avg(TAG01)

Report Acceleration can be enabled for this if you need to.

ugy · ‎04-03-2014

I have two issue.
First Gauge View, Two Linechart View.
So, I have to use timechart.
Your First answer for Gauge View. Thank you.
I'd like to view Long time for timechart. So, I asked about timechart and accelation report.

Anyway! Your answer is Helpfull to me.
Thank you.

martin_mueller · ‎04-03-2014

Why would you want to use timechart to feed a gauge? timechart gives you a series of values, for example one per minute, that's often charted using columns, lines, or areas. A gauge only displays one value.

The more important question is, what's your use case?

ugy · ‎04-03-2014

First of all
Thank you for your answer.

If i'd like to use timechart or Accelation Report, how to use search?

how to speedup search machine data?

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

Video | Tom’s Smartness Journey Continues