Splunk Search

How to increase execution speed of multiples searches in Splunk JavaScript Web Framework?

umairahmad3985
Path Finder

Hi all,

I have developed an app that has a custom dashboard. On that custom dashboard, I am using Splunk's JavaScript Web Framework to run my custom searches that call our external REST API and then the dashboard is rendered using results returned from those searches.

Specifically, I'm using the Search Manager to define and process results from my searches. The code structure that I'm following for each search is as follows:

 

var phishInc = new SearchManager({
        id: "phishing_inc",
        preview: true,
        cache: true,
        search: "| snxusers stat=phishing_breakdown globalFilterValue=$globalFilterValue$"
    }, {tokens: true});

    phishInc.on('search:failed', function(properties) {
           
    });

    phishInc.on('search:progress', function(properties) {
           
    });

    phishInc.on('search:done', function(properties) {
           
    });

    var phishing_inc_search = splunkjs.mvc.Components.get('phishing_inc');
    var phishing_inc_results = phishing_inc_search.data("results", {count: 0, output_mode: 'json_rows'});

    phishing_inc_results.on("data", function () {
      // The data from the search is processed here
    });

 

$globalFilterValue$ is a token that I have defined whose value I set from a drop-down menu. Whenever I set its value, my searches are triggered automatically as I have set tokens: true 

Now I have observed that for a single search only, the results are returned pretty quickly but when I define all of my searches  (total = 15) their times add up and the complete dashboard is rendered slowly. Since all of those searches depend on the globalFilterValue token, they are probably running in a sequential manner due to which the last parts of the dashboard are rendered at the end. Is there any way to speed up the execution of all these searches by somehow running them in a parallel fashion? Does Splunk JavaScript Web Framework allow any such possibility?

Labels (1)
0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...