Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Preview generating custom command result

electronicsplun
New Member
‎11-20-2018 01:34 AM

Hi

I want to add a generating custom command that will query one of our DBs. So I have followed the tutorials and created a class that inherits from GeneratingCommand and implemented the generate method. Problem is that Splunk waits for all the results to return and the query might be slow (4-5 seconds). So following some of the docs it looks like timeline_events_preview is what I need but I still don't get the live update of the events view (Similar to using the builtin search command).

I can't post the original code (for copyright reasons) but I can't make it work even with the next simple example:

@Configuration(streaming=True)
class MyGeneratingCommand(GeneratingCommand):
    def generate(self):
        for i in range(10 ** 6):
            yield {'_time': time.time(), '_raw': 'test {}'.format(i), 'events_no': i}

I added a limits.conf file to $SPLUNK_HOME/etc/apps/myapp/local with:

[search]
timeline_events_preview = true

When I use the custom command Splunk waits for all 1 million results to return before showing some of them in the events view.

0 Karma
Reply

electronicsplun
New Member
‎11-25-2018 06:19 AM

So my problem was that I used the SCPv1 instead of using SCPv2 that supports the chunked. This property of the SCPv2 should be documented more because I didn't find any explicit and clear description of the differences between v1 and v2.

0 Karma
Reply

kcnolan13
Communicator
‎10-21-2019 07:59 AM

So you actually solved the problem? I'm trying the same thing using SCPv2 and it still waits for all 1M results before showing them in preview. Same configuration settings and CSC.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...