Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Search Application Summary page slow to load

gfriedmann
Communicator
‎06-18-2010 05:53 PM

We index data from about 2000 different hosts. logs are relayed in via a TCP syslog source.

Whenever a user goes to the search application, it takes a good 20+ seconds to load all the summary dada, such as Events Indexed" and all of the counts for each source & host.

Is there any way to edit this page or speed up this search or used cached results on a 5 minute schedule or something like that? The lag really gives an impression of system slowness on this very first page. 😕

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Brian_Osburn
Builder
‎08-28-2010 02:29 PM

I had the same problem. My solution was to remove the searches from the summary page, which was a big improvement.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Brian_Osburn
Builder
‎08-28-2010 02:29 PM

I had the same problem. My solution was to remove the searches from the summary page, which was a big improvement.

0 Karma
Reply
Solved! Jump to solution

Simeon
Splunk Employee
Splunk Employee
‎06-18-2010 10:44 PM

The searches run from the summary page are metadata searches. These should run very quickly. The comparable search queries would be:

| metadata type=hosts

| metadata type=sources

| metadata type=sourcetypes

Each of the above searches should only take a few seconds to return. It is possible that you have a performance problem that is causing these searches to run slowly. In that case, I recommend you contact support to help debug the problem.

If you are in a distributed search environment, it is possible that the remote peers are taking a while to return data. Splunk will wait to compile all of the results from each indexer before painting the page.

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...