Hi all,
I have developed an app that has a custom dashboard. On that custom dashboard, I am using Splunk's JavaScript Web Framework to run my custom searches that call our external REST API and then the dashboard is rendered using results returned from those searches.
Specifically, I'm using the Search Manager to define and process results from my searches. The code structure that I'm following for each search is as follows:
var phishInc = new SearchManager({
id: "phishing_inc",
preview: true,
cache: true,
search: "| snxusers stat=phishing_breakdown globalFilterValue=$globalFilterValue$"
}, {tokens: true});
phishInc.on('search:failed', function(properties) {
});
phishInc.on('search:progress', function(properties) {
});
phishInc.on('search:done', function(properties) {
});
var phishing_inc_search = splunkjs.mvc.Components.get('phishing_inc');
var phishing_inc_results = phishing_inc_search.data("results", {count: 0, output_mode: 'json_rows'});
phishing_inc_results.on("data", function () {
});
$globalFilterValue$ is a token that I have defined whose value I set from a drop-down menu. Whenever I set its value, my searches are triggered automatically as I have set tokens: true
Now I have observed that for a single search only, the results are returned pretty quickly but when I define all of my searches (total = 15) their times add up and the complete dashboard is rendered slowly. Since all of those searches depend on the globalFilterValue token, they are probably running in a sequential manner due to which the last parts of the dashboard are rendered at the end. Is there any way to speed up the execution of all these searches by somehow running them in a parallel fashion? Does Splunk JavaScript Web Framework allow any such possibility?
