Extended functionalities

When using Splunk Web (again, I recommend this), you can edit all the alert properties in a single place.

Navigate to Settings | Searches, reports, and alerts; you can locate the search/alert and click on the name. From here, Splunk shows you and allows you to edit all the information for this alert. In addition, there are a few extended functionalities, as follows:

Acceleration
An expiration for the alert
Summary indexing

Splunk acceleration

Splunk acceleration is a technique that Splunk uses to speed up searches which take a long time to complete, because they have to cover a large amount of data. You can enable acceleration for the search that your alert is based on by checking the Accelerate this search checkbox and selecting ...

Get Mastering Splunk now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Mastering Splunk by James Miller

Extended functionalities

Splunk acceleration

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly