Since the launch of the 1.2 product some people are experiencing really slow query times. This is especially noticable when you are running a live splunk pretty often, as this tends to fragment the database quiet a bit.

Fear not as there is a hidden undocumented call that you can make ! If you run the query “++cmd++::optimize” you will cause a database optimization. This call may take a while to return so use with care. Soon we will have a release with an auto-optimizer but if it’s hampering your splunking right now you can create a live splunk to run every 10-30 mins that runs “++cmd++::optimize”.

Laters,

Brian