![]() ![]() There are several good resources that hang out down there that would be glad to help you optimize what you are doing. My goal is to power the base searches off of a report instead of a live search. ![]() However, they are based on a live base search. ![]() When you have the actual details, then you can make better decisions.įeel free to get on the Splunk Slack channel and ask for help in the dashboard sub channel. So far, I've been able to implement chain searches by modifying the source code. The efficiency of all of the above is highly data dependent and use case dependent. Changing the filters doesn't have to rerun the base search, just the post searches. With this strategy, the base search runs, then provides the results that get filtered for presentation. Used primarily for search and log analysis, Elasticsearch is today one of the most popular database systems available today. Third, the best argument for using a base search is if you are going to have filters that run after the base search to change the presentation. You can almost always built a more efficient search with streamstats followed by stats. I always recommend to avoid it if possible. But really, unless you have other panels that need this base search shared, you should combine the base and post-process into a single search in your panel. So to avoid the individual queries, Im trying to use the base search feature for efficiency purpose. So you could make your base search something like this: indexa-index sourcetype'a-srctype' fields AccountId. Second, while it may seem convenient at times, transaction is a very inefficient verb. On my dashboard, I have close to '20' different panels, As of now all the '20' panels have their own query. The efficient way may be with one base search, or three, or none. First, identify what the various panels are supposed to show, then determine what fields need to exist (be extracted) at what granularity level (stats by) in order to show all of them. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |