O'Reilly logo

Splunk 7 Essentials - Third Edition by Betsy Page Sigman, Erickson Delgado, J-P Contreras

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Creating indexes

Indexes are where Splunk Enterprise stores all the data it has processed. It is essentially a collection of databases that are, by default, located at $SPLUNK_HOME/var/lib/splunk. Before data can be searched, it needs to be indexed—a process we describe here.

Tip from the Fez: There are a variety of intricate settings which can be manipulated to control size and data management aspects of an index.  We will not cover those in this book, however as your situation requires complexity, be sure to consider a variety of topics around index management, such as overall size, buckets parameters, archiving and other optimization settings. 

There are two ways to create an index, through the Splunk user interface or by creating an ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required