You're reading from Data Analytics Using Splunk 9.x A practical guide to implementing Splunk's features for performing data analysis at scale

Product type Paperback

Published in Jan 2023

Publisher Packt

ISBN-13 9781803249414

Length 336 pages

Edition 1st Edition

Tools

Splunk

Concepts

Data Analysis

Author (1):

Dr. Nadine Shillingford

View More author details

Table of Contents (18) Chapters

Preface

1. Part 1: Getting Started with Splunk

2. Chapter 1: Introduction to Splunk and its Core Components FREE CHAPTER

3. Chapter 2: Setting Up the Splunk Environment

4. Chapter 3: Onboarding and Normalizing Data

5. Part 2: Visualizing Data with Splunk

6. Chapter 4: Introduction to SPL

7. Chapter 5: Reporting Commands, Lookups, and Macros

8. Chapter 6: Creating Tables and Charts Using SPL

9. Chapter 7: Creating Dynamic Dashboards

10. Part 3: Advanced Topics in Splunk

11. Chapter 8: Licensing, Indexing, and Buckets

12. Chapter 9: Clustering and Advanced Administration

13. Chapter 10: Data Models, Acceleration, and Other Ways to Improve Performance

14. Chapter 11: Multisite Splunk Deployments and Federated Search

15. Chapter 12: Container Management

16. Index

Why subscribe?

17. Other Books You May Enjoy

Understanding Splunk indexing and buckets

The strength of Splunk comes from the way data is indexed. Logically, a Splunk index is a repository of data that is stored in a uniform manner to make searching efficient. Physically, an index is a set of subdirectories called buckets. The term indexing in Splunk refers to the process whereby data coming from multiple sources into Splunk is organized into Splunk indexes. In this section, we will explore the mechanisms used to store data in indexes and buckets.

Raw data is forwarded from the source into Splunk. This data is converted into Splunk events, which are organized into indexes. An index is an immutable repository of data – that is, once data is added to an index, it cannot be edited. This goes back to the concept of the immutability of big data that we discussed in Chapter 1, Introduction to Splunk and its Core Components. There is no way to delete individual events from an index, but Splunk allows the following:

...

The rest of the chapter is locked

You're reading from Data Analytics Using Splunk 9.x A practical guide to implementing Splunk's features for performing data analysis at scale

Table of Contents (18) Chapters

Understanding Splunk indexing and buckets

Authors (1)

Personalised recommendations for you

You're reading from Data Analytics Using Splunk 9.x A practical guide to implementing Splunk's features for performing data analysis at scale

Table of Contents (18) Chapters

Understanding Splunk indexing and buckets

Unlock this book and the full library FREE for 7 days

Authors (1)

Personalised recommendations for you