Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Realtime report

jadengoho
Builder
‎05-16-2018 07:13 PM

I am trying to create a dashboard in realtime , a savedsearch that ouputcsv then used that in the dashboard (20panel)

currently i have a search(4hrs) that outputcsv but not in REALTIME, would it be possible to outputcsv in a realtime search.
If not , what would be the easier way ?

0 Karma
Reply

adonio
Ultra Champion
‎05-18-2018 07:23 AM

why would you want to constantly output a csv?
can you elaborate on what is it that you are trying to achieve here?

0 Karma
Reply

hortonew
Builder
‎05-18-2018 08:29 PM

Yea a use case would be nice to have. The problem with constantly updating a csv is you're constantly changing the search knowledge bundle, and I'm not entirely sure what that would do to your environment. A better approach might involve summary indexing, kvstore, or data model + acceleration at the end of the day. I would think constantly outputting a csv would be the last thing you'd want to do.

Reply

jadengoho
Builder
‎05-20-2018 05:10 PM

Here is the situation :
I have a dashboard with 20 panels, each panel do different things.
- it must get the 24hrs worth of data (12,000+ data per 24hrs)
- It must be in real time( every 5-30 seconds if possible) since it was using a time chart
- must work smoothly as possible

Now here's my concern:
- If I use a data model + acceleration/ summary indexing: would it gather new data less than a minute ago?

Why did i use outputcsv ?
- I create a saved search that outputcsv file every minute ( that the shortest chron I think ), I kind of lost of option that why I choose it.

What is the best way to handle this kind of situation?

0 Karma
Reply
Get Updates on the Splunk Community!

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Overview Enterprise Security 8.3 introduces a powerful new feature called “Entity Risk Scoring” (ERS) for ...

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...