
Splunk 7 Essentials - Third Edition by Betsy Page Sigman, Erickson Delgado, J-P Contreras


Summary indexing

In a matter of days, Splunk will accumulate data and start to move events through the bucketing process. With the millions or billions of events that are typical of a robust Splunk implementation, you can see how searches run over long time horizons can slow down.

There are two ways to circumvent this problem. In addition to search acceleration, completed earlier in this chapter, faster search results on large amounts of data can be achieved through summary indexing.

With summary indexing, you run a scheduled search and output the results into a different index, often called summary. The result will only show the computed statistics of the search. This results in a very small subset of data that will be ...
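The following is an added example, not code from the book or from Splunk: a small Python model of the mechanism described above, in which an hourly scheduled search writes only computed statistics to a separate summary store and a long-range report reads that store instead of the raw events. It goes slightly beyond the text by showing why the summary should hold counts and sums rather than precomputed averages. The event data and all function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (minutes after T0, HTTP status, response bytes).
T0 = datetime(2024, 1, 1)
SAMPLE = [(5, 200, 100), (20, 200, 300), (40, 500, 50),
          (70, 200, 1000), (90, 500, 70), (135, 200, 200)]
RAW_EVENTS = [(T0 + timedelta(minutes=m), s, b) for m, s, b in SAMPLE]

def scheduled_search(raw, window_start, span=timedelta(hours=1)):
    """One scheduled run: scan raw events in [window_start, window_start + span)
    and return one summary row per status with count and sum, not the events."""
    acc = defaultdict(lambda: [0, 0])
    for ts, status, nbytes in raw:
        if window_start <= ts < window_start + span:
            acc[status][0] += 1
            acc[status][1] += nbytes
    return [{"_time": window_start, "status": s, "count": c, "sum_bytes": b}
            for s, (c, b) in sorted(acc.items())]

def populate_summary(raw, start, runs):
    """Run the search once per hour; windows neither overlap nor leave gaps,
    so no event is counted twice or missed."""
    summary = []
    for i in range(runs):
        summary.extend(scheduled_search(raw, start + timedelta(hours=i)))
    return summary

def report(rows):
    """Long-range report: totals and a correctly weighted average per status."""
    tot = defaultdict(lambda: [0, 0])
    for r in rows:
        tot[r["status"]][0] += r["count"]
        tot[r["status"]][1] += r["sum_bytes"]
    return {s: {"count": c, "avg_bytes": b / c} for s, (c, b) in tot.items()}

def report_from_raw(raw):
    """The same report computed the slow way, over every raw event."""
    return report({"status": s, "count": 1, "sum_bytes": b} for _, s, b in raw)

def naive_avg_of_hourly_avgs(summary, status):
    """Pitfall: averaging per-hour averages weights a quiet hour like a busy one."""
    avgs = [r["sum_bytes"] / r["count"] for r in summary if r["status"] == status]
    return sum(avgs) / len(avgs)

if __name__ == "__main__":
    summary = populate_summary(RAW_EVENTS, T0, runs=3)
    print(len(RAW_EVENTS), "raw events ->", len(summary), "summary rows")
    print("from summary:", report(summary))
    print("from raw:    ", report_from_raw(RAW_EVENTS))
    print("naive avg for 200:", naive_avg_of_hourly_avgs(summary, 200))
```
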
