Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

SPL2 searches acceleration

artkhod
New Member
2 weeks ago

Hi,

I haven't seen the acceleration mentioned anywhere in regards to SPL2.

I have saved a sample search as a report form the search box and noticed that the report is saved as `| @spl2 search ...` which prompts a question what would theoretically happen if we were able to accelerate it? Would the SPL2 searches that use the accelerated report as a base benefit from summaries? Is acceleration something that would be introduced with SPL2 views/searches?

As of now, I assume it is not possible, since trying to accelerate a search with @spl2 gives a 'malformed search' error which is different to 'report cannot be accelerated' error that appears when the report does not satisfy the condition.

Thank you in advance.

 

Labels (1)
Labels
Tags (1)
0 Karma
Reply

VatsalJagani
SplunkTrust
SplunkTrust
Thursday

@artkhod - I don't think it has been documented anywhere in Splunk Docs that accelerated report supports SPL2. FYI, I also didn't find its documented anywhere that it does not support as well.

 

Maybe if you need it as a feature you can submit it as an idea to https://ideas.splunk.com  

 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...