UX Design idea - timerange picker increment/decrem...

inventsekar · ‎10-05-2018

Hi All,

This is another idea myself and my friends discussed in a UX Design classes..

Lets take a scenario / Use Case - i search for logs from a few servers for the past 60 mins.. The search runs for, around 70 seconds and then i get around "N" events (Precisely, the inspect job says — This search has completed and has returned 1,000 results by scanning 2,740,128 events in 73.46 seconds).

Now, i would like to go for another 10 mins(past 70 mins). Now, i should update the time range picker for 70 mins and run the search again. And then, search runs for another 100 seconds.. (Precisely — This search has completed and has returned 1,000 results by scanning 3,106,208 events in 103.652 seconds)

so, when we run searches like this, if splunk runs just for that particular 10 mins and adds the results to first search results, we could get get same results, importantly, much faster.
(assuming that events came in serial wise(chronologically))

EDIT - in Search UI, this kind of Custom behavior does not seem generic use case (to be applicable for all searches). ///
yep, this does not a generic user case applicable for all searches. but most of the new users and troubleshooting users will do these kind searches all the times.

let me say - a user search for something.. he didnt get the expected results.. he has to increment or decrement the timerange. then, splunk has to "reinvent the wheel"(do the same search which it just ran along with little more +or- on timerange).

ddrillic · ‎10-05-2018

If performance is an issue and you have a particular search query , then acceleration is the way.

niketn · ‎10-05-2018

Refer to my answer for your other Search UI related question: https://answers.splunk.com/answers/686886/any-ideassuggestions-about-an-ux-design-idea-for-t.html

If you want Splunk Search behavior specific to your requirements you can create your own SearchView using Splunk JS Stack. Refer to Splunk Web Framework documentation on Splunk Dev Site like http://dev.splunk.com/view/SP-CAAAEM7#searchcontrols

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

inventsekar · ‎10-08-2018

Hi @niketnilay.. let me check both links.. thanks.

niketn · ‎10-05-2018

@inventsekar in Search UI, this kind of Custom behavior does not seem generic use case (to be applicable for all searches). But you can build this kind of use case in Dashboard if you have this as your use-case or requirement.

Unless I have completely misunderstood the question.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

inventsekar · ‎10-08-2018

in Search UI, this kind of Custom behavior does not seem generic use case (to be applicable for all searches). ///
yep, this does not a generic user case applicable for all searches. but most of the new users and troubleshooting users will do these kind searches all the times.

let me say - a user search for something.. he didnt get the expected results.. he has to increment or decrement the timerange. then, splunk has to "reinvent the wheel"(do the same search which it just ran along with little more +or- on timerange).

Hope you are clear this use-case now.

UX Design idea - timerange picker increment/decrement?

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk