Managing event segmentation

Splunk breaks uploaded data into events. Events are the key elements of Splunk search, and they are further segmented at index time and at search time. Segmentation is the breaking of events into smaller units, which are classified as major and minor. Segmentation can be explained with the help of the following example.

The complete IP address is a major segment, and a major segment can be further broken down into many minor segments, as shown in the following screenshot:

[Screenshot: Managing event segmentation]
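The major/minor split described above can be sketched in a few lines of Python. This is an added example, not code from the book or from Splunk: the breaker sets are a simplified, assumed subset, the event and IP address are constructed, and the mode names follow Splunk's outer, inner and full segmentation types.

```python
import re

# Assumed, simplified breaker sets for this sketch (not Splunk's full defaults).
MAJOR_BREAKERS = " \t\n[]<>(){}|!;,'\"&?+"
MINOR_BREAKERS = "/:=@.-$#%\\_"
_MAJOR_RE = re.compile("[" + re.escape(MAJOR_BREAKERS) + "]+")
_MINOR_RE = re.compile("[" + re.escape(MINOR_BREAKERS) + "]+")

EVENT = "Failed login from 192.168.1.10"  # constructed sample event


def major_segments(event):
    """Split an event on major breakers only."""
    return [tok for tok in _MAJOR_RE.split(event) if tok]


def minor_segments(major):
    """Split one major segment into its smallest minor pieces."""
    return [tok for tok in _MINOR_RE.split(major) if tok]


def minor_prefixes(major):
    """Leading portions of a major segment, e.g. 192.168 and 192.168.1."""
    return [major[:m.start()] for m in _MINOR_RE.finditer(major) if m.start() > 0]


def index_tokens(event, mode):
    """Return the set of tokens this model would index for a mode.

    outer: major segments only
    inner: smallest minor segments only
    full:  major segments, minor segments and leading portions
    """
    if mode not in ("outer", "inner", "full"):
        raise ValueError("unknown segmentation mode: " + mode)
    tokens = set()
    for major in major_segments(event):
        if mode in ("outer", "full"):
            tokens.add(major)
        if mode in ("inner", "full"):
            tokens.update(minor_segments(major))
        if mode == "full":
            tokens.update(minor_prefixes(major))
    return tokens


if __name__ == "__main__":
    for mode in ("outer", "inner", "full"):
        print(mode, sorted(index_tokens(EVENT, mode)))
```

The token count grows from outer to inner to full, and only full lets a partial address such as 192.168.1 match as an indexed term.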

It is very important to configure event segmentation, as index-time segmentation affects storage size and indexing speed, and search-time segmentation affects ...
