Splunk 6 REST API: Much slower than 5

twinspop · ‎12-10-2013

I upgraded our indexers to Splunk 6 about 3 weeks ago. Our monitoring scripts use the REST interface to hit Splunk. Since the upgrade, calls to the REST API have slowed considerably. (Showing 95th % search run time for the REST API user.)

Anyone else notice similar?

I'm just starting the investigation. (Didn't notice til this morning - doh!) Pointers to likely sources of the delay appreciated.

dball2 · ‎01-13-2016

I have a similar problem, a query in the UI is taking around 10sec, and via searches export it takes > 4mins. Using splunk cloud API.

Incredibly slow. Someone should look at that .

ineeman · ‎01-27-2014

What OS are you running on? Also, the UI ends up using the API as well, so it is odd it is much faster in the UI. In the search inspector for both jobs (ones started from the UI and ones from the API), do you see any marked difference, especially in the 'request' field (which should be a JSON dictionary)?

austremestephen · ‎01-27-2014

version 6 API response is very slow compared with version 5.

twinspop · ‎01-17-2014

For the record: In the case of one of my saved searches, I can run the exact same search through the GUI on the exact same indexer and get an answer back in 1.5s. If I use the API, the response takes 25-30s.

Splunk 6 REST API: Much slower than 5

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life