Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Optimising dashboard. Make all visualisations use same search?

allanmb
Engager
‎01-12-2017 07:12 AM

I have a dashboard which renders 10 different visualisations but they are all using the same search string for splunk. E.g the following log entry is what I am searching for:

Settings: Data1:Value1 Data2:Value2 Data 3:Value3

I then parse the line for each visualisation. We have thousands of entries so the search can take quite a long time and it seems to do the search 10 times, once foe each visualisation. Is there a way to do one search and then use that search for each visualisation?

Thanks

0 Karma
Reply

twinspop
Influencer
‎01-12-2017 07:33 AM

Post processing might work, but it sounds like you'd have a lot of results from the base search. IIRC, post processing has a 10k limit. Instead, I would save your base search as a scheduled search, then use loadjob in each panel's query.

https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Loadjob

Panel query:

| loadjob savedsearch="myuserid:my_cool_app:my_saved_base_search" | timechart ...
0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...