Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to accelerate the time is takes request to generate result?

chimell1
Explorer
‎03-16-2023 06:36 AM

Hi!

My request take much time to generate the result, how can i accelerate it

| mpreview index=ciusss_vitals_linux_metric
| stats latest(_time) as latest1 by host
| eval recent = if(latest1 > relative_time(now(),"-5m"),1,0), realLatest = strftime(latest1,"%c")
| search recent=0
| stats values(host) as host
| mvexpand host | map search="| ping host=$host$" maxsearches=200

Labels (1)
Labels
Tags (1)
0 Karma
Reply

yeahnah
Motivator
‎03-16-2023 06:50 PM

Hi @chimell1 

Using map (basically a loop) can be inherently slow if it needs to do lots of iterations.  Currently it could do up to 200 separate searches to complete the result set for you.

The "| ping " command is also a non standard Splunk command.  Is that from a custom command or from a third party app?  If the ping command is slow to return a result when it's run then you're limited by its speed too.  

Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...