This will give us a neat graph as shown in the following screenshot:
Because this is created from the summary, instead of three minutes, this query
completes in 1.5 seconds.
In this specific case, using collect was four times faster than using the
fill_summary_index.py script. That said, it is much easier to make a mistake, so be
very careful. Rehearse with collect testmode=true and a trailing stats or
timechart command.
Reducing summary index size
If the saved search populating a summary index produces too many results, the
summary index is less effective at speeding up searches. This usually occurs because
one or more of the fields used for grouping has more unique values than is expected.
One common example of a field that can have many unique values is the URL in a
web access log. The number of URL values might increase in instances where:
• The URL contains a session ID
• The URL contains search terms
• Hackers are throwing URLs at your site trying to break in
• Your security team runs tools looking for vulnerabilities
On top of this, multiple URLs can represent exactly the same resource, as follows:
/home/index.html
/home/
/home/index.html?a=b
/home/?a=b
We will cover a few approaches to flatten these values. These are just examples and
ideas, as your particular case may require a different approach.
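
Before changing the populating search, it helps to measure how much flattening would reduce the number of distinct URL values. The following Python sketch is an added example, not code from the book or from Splunk: the sample URLs, the function names, and the list of default documents are assumptions made for illustration.

```python
import re

# Constructed sample request URLs (not real log data). The first four are
# the equivalent forms listed above; the rest illustrate session IDs and
# search terms inflating the number of unique values.
SAMPLE_URLS = [
    "/home/index.html",
    "/home/",
    "/home/index.html?a=b",
    "/home/?a=b",
    "/cart/view;jsessionid=8F3A1C?item=42",
    "/cart/view;jsessionid=77B0E2?item=7",
    "/search?q=summary+index",
    "/search?q=collect+testmode",
]

# Assumption: file names the web server serves for a bare directory request.
DEFAULT_DOCS = ("index.html", "index.htm")


def flatten_url(url):
    """Reduce a request URL to a low-cardinality grouping key."""
    # Drop the query string and fragment (search terms, tracking values).
    path = url.split("?", 1)[0].split("#", 1)[0]
    # Drop path parameters such as ;jsessionid=... on any segment.
    path = re.sub(r";[^/]*", "", path)
    # Collapse repeated slashes so /home//index.html matches /home/index.html.
    path = re.sub(r"/{2,}", "/", path)
    # Treat /dir/index.html and /dir/ as the same resource.
    head, _, last = path.rpartition("/")
    if last.lower() in DEFAULT_DOCS:
        path = head + "/"
    return path or "/"


def cardinality(urls):
    """Return (distinct raw values, distinct flattened values)."""
    return len(set(urls)), len({flatten_url(u) for u in urls})


if __name__ == "__main__":
    raw, flat = cardinality(SAMPLE_URLS)
    print("distinct raw URLs: %d, distinct flattened URLs: %d" % (raw, flat))
```

Running the same comparison over an export of the real url field shows whether the grouping field, once flattened, is small enough for the summary index to stay useful.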