Search

krbalaji77 · ‎06-28-2023

I have this query to find hosts from a lookup that have zero events. There are about a 100 hosts and I can see that the query performance is slow with the use of subquery this way. Any ideas t...

HeinzWaescher · ‎05-20-2014

Hi, I've got ~15.000 events where FieldA exists (in total there are 20.000.000 events). I want to filter out these events and I'm wondering about the performance of different approaches. Why i...

fk319 · ‎10-20-2010

...isplay the dashboard. What constitutes a search: a data base search? or does the post search also count? 2) I did some rough counts, If I merge the 5 summary-indexes into one, there will be about 3...

Abass42 · ‎07-19-2023

...se hour, so that may help a bit, but i would also like to optimize this search so it runs faster. Currently, it runs about 40 seconds to a little over a minute: What would be the best way to optim...

clincg · ‎08-20-2010

..." only returns about 300 results, but the subsearch is searching across millions of users accounts. If I removed the sub search, the outer search only takes a few seconds to complete. Does a...

guilmxm · ‎04-07-2013

...ranularity of charts) Therefore, i am looking for the better approach to optimize dashboard performance and reduce number of jobs and their CPU cost. 1. Schedule Saved searches This was my f...

bshamsian · ‎06-16-2015

I have a dashboard that has over 30 panels - they all have the same basic search query so I decided to use the new search optimization of Splunk 6.2. Here is what I did - I defined a global search a...

JetteBra · ‎03-23-2017

...nown IPs from the logdata. However the searches seem to take a long time, and I'm not sure if its due to my non-optimized search or that its just too much logdata. My goal was to search through the l...

yutaka1005 · ‎11-08-2018

My environment : splunk stand-alone ver7.1.4 *I found same phenomenon in ver7.1.3 I executed search below by using two lookup tables .(*I attached them to this page.) | inputlookup t...

HeinzWaescher · ‎10-21-2015

...sers BY server_id I'm thinking about how to optimize the performance of this dashboard. 1. Report Acceleration Accelerate this base search (the output will be at least >3.000.000 r...

Search

Search the Community

Optimizing subquery with inputlookup

Search Optimization

Optimizing Dashboard Searches

Optimize a search

Subsearch Performance Optimization

Optimizing Dashboards performances, looking for th...

How do I optimize the performance of my dashboard ...

How to optimize my lookup search with large amount...

Why does the "transaction" command return differen...

Should I use report acceleration or the loadjob co...