Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

how to speedup search machine data?

ugy
Explorer
‎04-03-2014 12:37 AM

Hello everyone... 🙂

My Data is under type...
|TAG01|TAG02|TAG03|
|434.1|444.0|42.7|
|420.1|424.5|40.6|
|470.3|453.8|43.5|
|452.6|413.6|40.4|
|429.3|419.3|44.7|

I'd like to check realtime data in Splunk Gauge, So, I use this search
"index=myindex | timechart latest(TAG01)"

How to speedup search?

If use accelation Report, Can i use latest or first?

Thanks.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎04-03-2014 12:52 AM

If you're just displaying a single value, you should be able to speed up your realtime search like this:

index=myindex TAG01=* | tail 1 | table TAG01

View solution in original post

Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎04-03-2014 12:52 AM

If you're just displaying a single value, you should be able to speed up your realtime search like this:

index=myindex TAG01=* | tail 1 | table TAG01
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎04-03-2014 02:48 AM

For a line chart you're probably looking for something like this:

index=myindex TAG01=* | timechart avg(TAG01)

Report Acceleration can be enabled for this if you need to.

0 Karma
Reply
Solved! Jump to solution

ugy
Explorer
‎04-03-2014 02:40 AM

I have two issue.
First Gauge View, Two Linechart View.
So, I have to use timechart.
Your First answer for Gauge View. Thank you.
I'd like to view Long time for timechart. So, I asked about timechart and accelation report.

Anyway! Your answer is Helpfull to me.
Thank you.

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎04-03-2014 01:13 AM

Why would you want to use timechart to feed a gauge? timechart gives you a series of values, for example one per minute, that's often charted using columns, lines, or areas. A gauge only displays one value.

The more important question is, what's your use case?

0 Karma
Reply
Solved! Jump to solution

ugy
Explorer
‎04-03-2014 01:09 AM

First of all
Thank you for your answer.

If i'd like to use timechart or Accelation Report, how to use search?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...