Multi-search management

We have already seen how a post-process search was used to enhance dashboard results based on a global search. Splunk 6.4 enhances multi-search management by adding a recursive search post process. Let's understand this enhancement with the help of an example:

[Figure: Multi-search management]

Until Splunk 6.3, post-process searches in multi-search management were based on a global search: a global search was defined, and the other post-process searches were then defined on its results. With the newly enhanced recursive search post process, a search that is itself derived from another search can be used as a base search. As in the preceding figure, Search 4 is based on the post process of Search 2, and Search 2 is itself based on a post process of the global search.

We have already studied the post-process search in this book; now, let's see how to implement the recursive search post process in Splunk 6.4. The following code snippet shows how the recursive post process can be implemented in a Splunk dashboard for optimized and fast processing of dashboard results:

[Figure: Multi-search management]

Using the enhanced multi-search management feature of Splunk 6.4, dashboards can be further optimized for performance.
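The chain described above (global search, then Search 2, then Search 4) can be written in Simple XML as follows. This is an added example, not the book's own snippet; the index, sourcetype, field names, search ids and panel titles are assumptions chosen for illustration.

```xml
<dashboard>
  <label>Recursive post process (constructed example)</label>

  <!-- Global search: runs once against the index. The index, sourcetype
       and field names are assumptions. It ends in a transforming command
       so every field the post-process searches need is in its results. -->
  <search id="global_search">
    <query>index=_internal sourcetype=splunkd_access | stats count by status, method, user</query>
    <earliest>-24h@h</earliest>
    <latest>now</latest>
  </search>

  <!-- Search 2: a post process of the global search. Giving it its own id
       lets another search use it as a base in turn. -->
  <search id="search_2" base="global_search">
    <query>search status&gt;=400 | stats sum(count) as failures by status, user</query>
  </search>

  <row>
    <panel>
      <title>Requests by method</title>
      <chart>
        <!-- Ordinary post process, based directly on the global search -->
        <search base="global_search">
          <query>stats sum(count) as requests by method</query>
        </search>
      </chart>
    </panel>
    <panel>
      <title>Failed requests by user</title>
      <table>
        <!-- Search 4: recursive post process, based on Search 2,
             which is itself a post process of the global search -->
        <search base="search_2">
          <query>stats sum(failures) as failures by user | sort - failures</query>
        </search>
      </table>
    </panel>
  </row>
</dashboard>
```

Only the global search is dispatched to the indexers; Search 2 and Search 4 operate on results already held on the search head, so a field dropped at any level of the chain is unavailable to every search below it.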
