×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
seanlenes
Explorer
Member since: ‎07-30-2020
‎08-14-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎07-30-2020
View All

Splunk Dashboard Panel from Scheduled Report will ...

by in Reporting
‎08-13-2020 12:40 PM
‎08-13-2020 12:40 PM
I have a scheduled report that I have set up as a dashboard panel to display the results of the report alongside other important information. However, when I open the dashboard, it appears that the search runs from the beginning, instead of just displaying the results of the last report run. Here is the code from the dashboard source: <panel>      <chart>           <title>PanelTitle</title>                <search ref="ReportName"></search>                <option name="charting.chart">column</option>                <option name="charting.chart.showDataLabels">all</option>                <option name="charting.drilldown">all</option>      </chart> </panel> details of the report that might help: This scheduled report runs daily at 0:00. Its time range is last 7 days. It is shared at the app level,  and was created by search and choosing "Save As Report", and is owned by the same account that was used to create the dashboard ... View more

speeding up Multiple joins in a single search

by in Reporting
‎08-06-2020 04:49 PM
‎08-06-2020 04:49 PM
Hello, I have a very involved query involving 4 joins and I am looking for a way to speed it up. The purpose of this is for a dashboard that cleanly presents the needed data in a single table instead of 5 separate panels (as per the requirements given to me). One of the problems I am running into is that some of the queries have different indexes, so I need to have the multiple searches for them, and appendcols doesn't seem to work since the only real thing in common between them is that 3 share the same index so there isn't one clean base search to use.  I'm not sure I could post the query here due to regulations, So I will try to be as specific as possible. How smart is splunk when it comes to queries? 3 of the queries I have the same index, so could I do something like the below: index=xyz (A and B and C) OR (D and E and F)  OR (G and H and I) | stats based on (A and B and C) | stats based on (D and E and F) | stats based on (G and H and I)   If you have any other tips or resources on speeding up joined queries that could help, that would be great as well ... View more

Re: Dashboard Loading Slowely but seems to be runn...

by in Reporting
‎08-03-2020 01:58 PM
‎08-03-2020 01:58 PM
@richgalloway  Saved Searches worked great for the panels that present data on a specific time-frame. I have a follow-up question regarding some of the other panels, though. After looking into it, I realized that I lost the option for using the time-picker for some panels. One of the requirements for the dashboard was also to have a time-frame picker with default of "last 7 days". How can I incorporate saved searches run from the service account but also have the ability to use the time frame picker input in case the user wants to go back further than the default of Last 7 days? ... View more

Dashboard Loading Slowely but seems to be running ...

by in Reporting
‎07-30-2020 01:12 PM
‎07-30-2020 01:12 PM
I am working on a very large dashboard (as per the requirements given to me) that is running slowly. I've managed to cut down on the number of panels significantly, and optimized the queries to the best of my abilities. I've tried looking into base searches but all the panels seem to have significantly different queries (most only having the index in common). I noticed that the dashboard runs fine when I am logged into splunk with my team's service account, and slower when I log in as myself. I believe this is expected because we have greater resources allocated towards our service account. If this is true, am I able to power the dashboard with the service account instead of the individual's account? I have created the dashboard with the service account but when I check the "Jobs" page, it says the owner of the queries is the individual. I also have the dashboard shared at the app level with read/write permissions set appropriately for my team. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎08-14-2020 01:50 PM
Karma given to
View All