Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Dashboard Performance - Saved Report or Inline Search

HeinzWaescher
Motivator
‎11-13-2013 03:21 AM

Hi,

I would like to set up some Dashboards to aggregate several search results on one page,
but I'm not sure about the exact difference between the "inline search" and "report"? Will the "inline search" run all searches again, so this type of panel will use a lot of performance (but will always be up to date)? Whereas the report-dashboard is using the results of each reports last run? So the report would be much better regarding performance issues?

Best

Heinz

Tags (2)
Reply

MuS
Legend
‎11-13-2013 04:29 AM

Hi HeinzWaescher,

like most of the Splunk related stuff; it all depends what you are trying to achieve.

For example

  • inline search cannot be accelerated, but can use saved search results
  • saved searches can be accelerated, if your result supports it (like stats output)
  • you can create a single dashboard with only one search and postprocess the result in different graphs if the base data for all graphs is the same, see this

In the end it is up to your needs and some try and error approach to setup THE dashboard for your needs.

Update: Not to forget the summary index and how to use it to increase report efficiency, see this docs


Hope this helps ...

cheers, MuS

Reply

HeinzWaescher
Motivator
‎11-13-2013 05:23 AM

Hey,

thanks for your answer. At the moment I just want to bring some results together and expected, that the results of saved searches and inline search are different in the dashboard. Because when I Clone a saved search to an inline search, Splunk tells me "The inline search: Will run every time the dashboard is loaded". So I expected that a saved search will use some kind of stored results and is much faster.

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...