
Splunk Developer's Guide by Kyle Smith

Acceleration

Splunk searches are fast. They can pull millions of events in a relatively small amount of time. But what happens when you need to search billions of events? Or what if you want the daily statistics of a website over 5 years? This is where acceleration gives you an advantage over searching raw data. Acceleration "summarizes" your data and provides you with aggregated statistics that can be looked up faster. If your App doesn't collect that much data, or you don't care about long-term statistics, you might not need any form of acceleration.

Summary indexing

Summary indexing is a tried-and-true method of collecting aggregated data. One way is to set up the summary fields and place them in the index using the collect command. ...