You're reading from Data Analytics Using Splunk 9.x A practical guide to implementing Splunk's features for performing data analysis at scale

Product type Paperback

Published in Jan 2023

Publisher Packt

ISBN-13 9781803249414

Length 336 pages

Edition 1st Edition

Tools

Splunk

Concepts

Data Analysis

Author (1):

Dr. Nadine Shillingford

View More author details

Table of Contents (18) Chapters

Preface

1. Part 1: Getting Started with Splunk

2. Chapter 1: Introduction to Splunk and its Core Components FREE CHAPTER

3. Chapter 2: Setting Up the Splunk Environment

4. Chapter 3: Onboarding and Normalizing Data

5. Part 2: Visualizing Data with Splunk

6. Chapter 4: Introduction to SPL

7. Chapter 5: Reporting Commands, Lookups, and Macros

8. Chapter 6: Creating Tables and Charts Using SPL

9. Chapter 7: Creating Dynamic Dashboards

10. Part 3: Advanced Topics in Splunk

11. Chapter 8: Licensing, Indexing, and Buckets

12. Chapter 9: Clustering and Advanced Administration

13. Chapter 10: Data Models, Acceleration, and Other Ways to Improve Performance

14. Chapter 11: Multisite Splunk Deployments and Federated Search

15. Chapter 12: Container Management

16. Index

Why subscribe?

17. Other Books You May Enjoy

Data Models, Acceleration, and Other Ways to Improve Performance

In this chapter, we will shift gears and look at ways we can improve performance in Splunk. We will introduce concepts such as datasets, lookups, and data models in Splunk. Datasets, lookups, and data models are all logical ways of storing data in Splunk to improve search performance. In addition, data models can be accelerated – that is, data in the data model is stored with indexed fields. These additional indexed fields can be specified in searches using special commands such as the Splunk tstats command. The tstats command can be used with aggregate functions such as avg() and earliest(). We will learn different terms associated with data models such as constraints, root events, and child searches. The Splunk Common Information Model (CIM) add-on is a useful add-on that comes preconfigured with data models that, when implemented properly, improve Splunk’s performance. We will explore the different data...