Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Why does the table command in Splunk cause performance degradation?

splunk_anoosheh
New Member
‎08-12-2017 11:36 PM

When I use this command ( table ) it runs at a slow speed .... please help me.
Thank you for your answer.

0 Karma
Reply

DalJeanis
Legend
‎08-14-2017 07:16 AM

Oh, this one killed me for a while.

fields is a streaming, distributable command.

table is neither. table, as well as dropping all non-mentioned fields, reformats the data internally, and limits the results as per some system parameters. It may do other stuff, but the bottom line is that table cannot run until all the results are returned to the search head, whereas fields can be run at each indexer.

So, use fields if you are up in the area where you are dealing with streaming distributable commands, and only use table later, after everything is already on the search head.

Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-13-2017 10:01 AM

Please share your full query. The table command by itself usually is not a performance drag.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...