Splunk 7 Essentials - Third Edition by Betsy Page Sigman, Erickson Delgado, J-P Contreras

Searching within an index

Always remember to filter your searches by index. Not restricting your search to a specific index makes Splunk go through all available indexes, consuming unnecessary time and resources. The same applies to sourcetype filters when your searches only need to consider a specific set of data that resides in an index with many sourcetypes.
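As an added example (not from the book), this Python sketch audits saved searches for the missing index and sourcetype filters described above. The stanza names, index names and sourcetypes in the sample are constructed, and the check is a heuristic over the terms before the first pipe, not a full SPL parser.

```python
import configparser
import re

# Constructed sample in savedsearches.conf layout; every stanza name, index
# and sourcetype below is invented for illustration.
SAMPLE_CONF = """
[Web errors by host]
search = index=web sourcetype=access_combined status>=500 | stats count by host

[Failed logins everywhere]
search = sourcetype=linux_secure "Failed password" | stats count by src

[Wildcard index]
search = index=* sourcetype=access_combined | top uri

[Lookup report]
search = | inputlookup assets.csv | stats count by owner
"""
INDEX_TERM = re.compile(r'\bindex\s*=\s*"?([^\s")]+)', re.IGNORECASE)
SOURCETYPE_TERM = re.compile(r'\bsourcetype\s*=', re.IGNORECASE)

def audit_search(spl):
    """Return findings for one search string (heuristic, not an SPL parser)."""
    spl = spl.strip()
    if spl.startswith("|"):
        return []  # begins with a generating command: no event search to restrict
    base = spl.split("|", 1)[0]  # only terms before the first pipe select events
    findings = []
    indexes = INDEX_TERM.findall(base)
    if not indexes:
        findings.append("no index filter")
    elif "*" in indexes:
        findings.append("wildcard index")  # index=* restricts nothing
    if not SOURCETYPE_TERM.search(base):
        findings.append("no sourcetype filter")
    return findings

def audit_conf(text):
    """Map each saved search name to its findings, omitting clean searches."""
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    parser.read_string(text)
    report = {}
    for name in parser.sections():
        findings = audit_search(parser.get(name, "search", fallback=""))
        if findings:
            report[name] = findings
    return report

print(audit_conf(SAMPLE_CONF))
```

A missing sourcetype filter is only worth acting on when the index holds many sourcetypes, so treat that finding as a prompt for review.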

A common question when designing your Splunk implementation is how many indexes to have and what data goes into each. Plan carefully before you create a new index.

For example, all web server logs for the same software application can be placed in one index. You may then split the log types by sourcetype but keep them ...