Displaying the maximum number of concurrent sessions over time
In the past two recipes of this chapter, you leveraged a method of data summarization called summary indexing to summarize data in a new index, which you then reported on. In this recipe, you will use another method of data summarization known as report acceleration to speed up your report times.
In this recipe, you will create a report to look for the maximum number of concurrent sessions over a time period of 30 days. This report will then be accelerated to speed up the time taken to execute the search.
To step through this recipe, you will need a running Splunk Enterprise server, with the sample data loaded from Chapter 1, Play Time – Getting Data In. You should be familiar ...