All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk MySQL Connector -> Can do this?

lpolo
Motivator
‎02-09-2012 04:55 AM

I have a table of ~11 million rows and 53 columns. The table looks like:

entity_id | week_1 | week_2 | ..... | week_52
abcd | 35874 | 587489 |.......| 5478

While we discover new entities with splunk the table can grow up to ~30 million rows.

I was wondering the following:
-. What is the maximum number of lookup output fields that MySQL connector can support?
-. Can I have up to 52 or 365 look up output fields?
-. what is the recommended maximum number of rows a lookup table can have?
-. If new entities and weekly data are discovered can Splunk MySQL connector insert the new entities and weekly data in the lookup table that is stored in MySQL?
-. In case we need to update, delete or insert some weekly data can Splunk MySQL connector perform updates, delete, and insert of this magnitude?
-. Is there any other approach you might recommend?

Thanks,
Lp

Tags (1)
Reply

Ledion_Bitincka
Splunk Employee
Splunk Employee
‎02-09-2012 09:26 AM
  • What is the maximum number of lookup output fields that MySQLconnector can support?
    There is no inherent maximum number of output fields - if MySQL can support it so can the MySQL connector
  • Can I have up to 52 or 365 look up output fields?
    Yes, you should be able to
  • what is the recommended maximum number of rows a lookup table can have?
    This depends in a lot of things such as the MySQL server spec, MySQL tuning, schema design etc. With a commodity server and some tuning you should be able to get decent performance with hundreds of millions of rows
  • If new entities and weekly data are discovered can Splunk MySQL connector insert the new entities and weekly data in the lookup table that is stored in MySQL?
    Yes, you should be able to - look in mysqloutput command
  • In case we need to update, delete or insert some weekly data can Splunk MySQL connector perform updates, delete, and insert of this magnitude?
    Yes, you can use scheduled searches in Splunk to execute any table maintenance, look into mysqlquery command
  • Is there any other approach you might recommend?
    As far as maintenance of the tables you can also use cron jobs to run maintenance scripts
Reply
Get Updates on the Splunk Community!

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...