This content originally appeared on DEV Community and was authored by Maxime Guilbert
Creating a dashboard in Splunk can be really heavy and long to load if it's not optimized.
The biggest part of the optimization is the reusage of requests.
To do it easily, Splunk implemented a search object which can be use as basis for other requests.
<search id="baseSearch">
<query>$env$ $project$ action=$action$ $typeCode_tok$
| table timestamp, etransferId, application.name, context, action, correlationId,dd.trace_id, error.code, error.text, log, _raw
| sort timestamp $sort$, time $sort$
</query>
<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>
</search>
Like this, a big part is already loaded and you just have to refine some elements for a particular graph.
<search id="baseSearch">
<query>$env$ $project$ action=$action$ $typeCode_tok$
| table timestamp, etransferId, application.name, context, action, correlationId,dd.trace_id, error.code, error.text, log, _raw
</query>
<earliest>$time.earliest$</earliest>
<latest>$time.latest$</latest>
</search>
<search id="baseSearchLatest" base="baseSearch">
<query>search
| stats latest() by dd.trace_id
| rename latest(error.code) AS error.code | fillnull value="emptyVal" error.code
| rename latest(action) AS action | fillnull value="null" action
| rename latest(error.text) AS error.text
</query>
</search>
I hope it will help you! 🍺
This content originally appeared on DEV Community and was authored by Maxime Guilbert
Maxime Guilbert | Sciencx (2022-02-15T14:50:15+00:00) Splunk – Dashboard request optimization. Retrieved from https://www.scien.cx/2022/02/15/splunk-dashboard-request-optimization/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.