Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Dashboard Performance - Saved Report or Inline Search

HeinzWaescher
Motivator
‎11-13-2013 03:21 AM

Hi,

I would like to set up some Dashboards to aggregate several search results on one page,
but I'm not sure about the exact difference between the "inline search" and "report"? Will the "inline search" run all searches again, so this type of panel will use a lot of performance (but will always be up to date)? Whereas the report-dashboard is using the results of each reports last run? So the report would be much better regarding performance issues?

Best

Heinz

Tags (2)
Reply

MuS
SplunkTrust
SplunkTrust
‎11-13-2013 04:29 AM

Hi HeinzWaescher,

like most of the Splunk related stuff; it all depends what you are trying to achieve.

For example

  • inline search cannot be accelerated, but can use saved search results
  • saved searches can be accelerated, if your result supports it (like stats output)
  • you can create a single dashboard with only one search and postprocess the result in different graphs if the base data for all graphs is the same, see this

In the end it is up to your needs and some try and error approach to setup THE dashboard for your needs.

Update: Not to forget the summary index and how to use it to increase report efficiency, see this docs


Hope this helps ...

cheers, MuS

Reply

HeinzWaescher
Motivator
‎11-13-2013 05:23 AM

Hey,

thanks for your answer. At the moment I just want to bring some results together and expected, that the results of saved searches and inline search are different in the dashboard. Because when I Clone a saved search to an inline search, Splunk tells me "The inline search: Will run every time the dashboard is loaded". So I expected that a saved search will use some kind of stored results and is much faster.

0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...