Dashboards & Visualizations

UX Design idea - timerange picker increment/decrement?

inventsekar
Ultra Champion

Hi All,

This is another idea myself and my friends discussed in a UX Design classes..

Lets take a scenario / Use Case - i search for logs from a few servers for the past 60 mins.. The search runs for, around 70 seconds and then i get around "N" events (Precisely, the inspect job says — This search has completed and has returned 1,000 results by scanning 2,740,128 events in 73.46 seconds).

Now, i would like to go for another 10 mins(past 70 mins). Now, i should update the time range picker for 70 mins and run the search again. And then, search runs for another 100 seconds.. (Precisely — This search has completed and has returned 1,000 results by scanning 3,106,208 events in 103.652 seconds)

so, when we run searches like this, if splunk runs just for that particular 10 mins and adds the results to first search results, we could get get same results, importantly, much faster.
(assuming that events came in serial wise(chronologically))

EDIT - in Search UI, this kind of Custom behavior does not seem generic use case (to be applicable for all searches). ///
yep, this does not a generic user case applicable for all searches. but most of the new users and troubleshooting users will do these kind searches all the times.

let me say - a user search for something.. he didnt get the expected results.. he has to increment or decrement the timerange. then, splunk has to "reinvent the wheel"(do the same search which it just ran along with little more +or- on timerange).

0 Karma

ddrillic
Ultra Champion

If performance is an issue and you have a particular search query , then acceleration is the way.

0 Karma

niketn
Legend

Refer to my answer for your other Search UI related question: https://answers.splunk.com/answers/686886/any-ideassuggestions-about-an-ux-design-idea-for-t.html

If you want Splunk Search behavior specific to your requirements you can create your own SearchView using Splunk JS Stack. Refer to Splunk Web Framework documentation on Splunk Dev Site like http://dev.splunk.com/view/SP-CAAAEM7#searchcontrols

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

inventsekar
Ultra Champion

Hi @niketnilay.. let me check both links.. thanks.

0 Karma

niketn
Legend

@inventsekar in Search UI, this kind of Custom behavior does not seem generic use case (to be applicable for all searches). But you can build this kind of use case in Dashboard if you have this as your use-case or requirement.

Unless I have completely misunderstood the question.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

inventsekar
Ultra Champion

in Search UI, this kind of Custom behavior does not seem generic use case (to be applicable for all searches). ///
yep, this does not a generic user case applicable for all searches. but most of the new users and troubleshooting users will do these kind searches all the times.

let me say - a user search for something.. he didnt get the expected results.. he has to increment or decrement the timerange. then, splunk has to "reinvent the wheel"(do the same search which it just ran along with little more +or- on timerange).

Hope you are clear this use-case now.

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...