Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to improve performance of a shared dashboard with panels running real-time searches if viewed by many users?

vinitatsky
Communicator
‎06-22-2015 08:35 AM

We have created a Dashboard with some panels showing real-time traffic. When someone opens the this dashboard, it takes long time to display data. Also it creates another Job in Splunk. Is this expected behavior? When dashboard is viewed by many people, it impacts Splunk performance. Is there any way to implement 'shared' dashboard in better ways

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎06-22-2015 09:46 AM

You can schedule the RT search. Then everyone opening the dashboard will hook into the existing job instead of launching a new one, and will immediately get the job's current results.

Reply

vinitatsky
Communicator
‎06-22-2015 09:58 AM

Thanks Martin.
If I schedule RT search to run it every 5 minutes, then it won't be real-time?

0 Karma
Reply

LukeMurphey
Champion
‎06-22-2015 11:46 AM

Setting the cron schedule on an RT search will leave the search running in real-time. For RT searches, the cron schedule indicates how often Splunk will kick off the search if it is not already running. If your RT search fails, the cron schedule will indicate how often Splunk will check and restart it if needed. I usually set scheduled RT searches to have a cron schedule of */5 * * * *.

Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...