Database Reference
In short, in addition to breaking up chunks of data, it adds metadata (or data about
data), such as host (which device the data came from), source (where the
event originated), and sourcetype (the format of the data), as well as
timestamps and other necessary information. The next step, indexing, breaks the
events into segments that can subsequently be searched. It creates a data structure
for the index and then writes the raw data and index files to disk. With this index
structure, searches in Splunk can run quickly on massive data sets.
Data searching: This quick searching capability is extremely valuable for users
of Splunk. Users often go to Splunk to find data they can use to answer questions.
Splunk makes it easy to search on different dimensions of the data. Since Splunk
indexes data before it is searched, the search process goes very quickly. Data
searching in Splunk helps enable the analysis of data (which is described next).
Data analysis: Lastly, Splunk can be used to quickly and easily analyze data. Its
indexing creates a centralized data repository that can house data of many types
from a variety of sources. Splunk has a variety of default data visualizations for
reports and dashboards, and these can also be customized with little difficulty,
thereby letting users target analyses to improve decision-making.
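The parse, index and search steps described above can be seen in miniature in the following added example, which is not from the original text and is not Splunk's own code. It is a toy inverted index; the sample events, the `linux_secure` sourcetype value and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input: (host, source, raw line). Not real log data.
RAW = [
    ("web01", "/var/log/auth.log", "2024-05-01T10:00:01 sshd failed password for root from 10.0.0.5"),
    ("web01", "/var/log/auth.log", "2024-05-01T10:00:07 sshd accepted password for alice from 10.0.0.9"),
    ("db01", "/var/log/auth.log", "2024-05-01T10:01:30 sshd failed password for admin from 10.0.0.5"),
]

def parse(host, source, line, sourcetype="linux_secure"):
    """Parsing step: split off the timestamp and attach metadata to the event."""
    timestamp, _, raw = line.partition(" ")
    return {"timestamp": timestamp, "host": host, "source": source,
            "sourcetype": sourcetype, "raw": raw}

def segments(raw):
    """Indexing step: break the event text into lowercase searchable segments."""
    return set(re.findall(r"[a-z0-9.]+", raw.lower()))

def build_index(events):
    """Map each segment and each metadata field=value pair to the ids of matching events."""
    index = defaultdict(set)
    for event_id, event in enumerate(events):
        for seg in segments(event["raw"]):
            index[seg].add(event_id)
        for field in ("host", "source", "sourcetype"):
            index[f"{field}={event[field]}".lower()].add(event_id)
    return index

def search(index, events, *terms):
    """AND search: intersect the id sets of the terms instead of scanning every raw event."""
    if not terms:
        return []
    ids = set.intersection(*(index.get(t.lower(), set()) for t in terms))
    return [events[i] for i in sorted(ids)]

EVENTS = [parse(*row) for row in RAW]
INDEX = build_index(EVENTS)

if __name__ == "__main__":
    # Search on two dimensions at once: a text segment and a metadata field.
    for hit in search(INDEX, EVENTS, "failed", "host=web01"):
        print(hit["timestamp"], hit["host"], hit["raw"])
```

Because the lookup touches only the id sets for the requested terms, its cost depends on the number of matching events rather than on the total volume of raw data, which is the property the text attributes to indexing before searching.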