Displaying the maximum number of concurrent sessions over time
In the past two recipes of this chapter, you leveraged a method of data summarization called summary indexing to summarize data into a new index, which you then reported on. In this recipe, you will use another method of data summarization known as report acceleration to speed up your report times.
In this recipe, you will create a report to look for the maximum number of concurrent sessions over a time period of 30 days. This report will then be accelerated to speed up the time taken to execute the search.
Getting ready
To step through this recipe, you will need a running Splunk Enterprise server, with the sample data loaded from Chapter 1, Play Time – Getting Data In. You should be familiar with navigating the Splunk user interface and using the Splunk search language.
How to do it...
Follow the steps in this recipe to leverage report acceleration to display the maximum number of concurrent sessions over time:
- Log in to your...