5
Splunk Index Management
Indexes are repositories of data. Splunk Enterprise stores data as events in indexes. An event is a single data record or log entry: a line from a log file, a message from a network source, or any other piece of information that Splunk indexes and processes. So far in this book, we have seen forwarders used to monitor and forward data to indexers. You may be wondering how that data is processed and where it is stored in the indexer component; this chapter answers those questions. System administrators need to understand indexes because creating and managing them, controlling access to them, and estimating their storage are part of their day-to-day work.
We will begin ...