cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
bhavisankar
New Member
Member since: ‎11-29-2016
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎11-29-2016
View All

How can I optimize the performance of my current b...

by in Splunk Search
‎11-29-2016 12:12 AM
‎11-29-2016 12:12 AM
I have a base search to collect all data and some subsearches that access these base searches to draw graphs. Base search: index = app sourcetype = airchangeservice "LogName=com.expedia.www.platform.diagnostics.tracing.TraceResources" | rex "(?{[^}]+})" | mvexpand json_field | spath input=json_field | search (eventName="AIR_CANCEL_SERVICE" OR eventName="AIR_VOID_SERVICE") | fields eventName, context.STATUS, context.TPID The subsearches draw graphs for different eventName, context.STATUS, context.TPID. See one of my subsearches: <query>| search ("PROVIDER CODE":"TF") OR ("PROVIDER_CODE":"TF") AND eventName="AIR_CANCEL_SERVICE"| timechart span=1d count by context.STATUS</query> </search> Is there anything I can do to optimize the searches? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM