All Apps and Add-ons
Highlighted

What is Splunk database engine?

Explorer

What is Splunk database engine?

Is it PostgreSQL?

Tags (2)
Highlighted

Re: What is Splunk database engine?

Splunk Employee
Splunk Employee

Hi there,

Splunk does not use arealtional database to store events and indexes.

The storage is all flat file based.

Please have a look here:

http://www.splunk.com/base/Documentation/4.1.4/Admin/WhatsaSplunkindex

Hope that answers your question?

Cheers,

simuvid

Highlighted

Re: What is Splunk database engine?

Splunk Employee
Splunk Employee
Highlighted

Re: What is Splunk database engine?

Explorer

is it mean, Splunk develop its own system to do this from ZERO? And it is really does not have any kind direct/significant relation to other DB technology?

Highlighted

Re: What is Splunk database engine?

SplunkTrust
SplunkTrust

Yes, Splunk developed their own on-disk storage format from "zero". (If you call having a C++ compiler and standard libraries "zero") From an architecture perspective, there are large differences between an ACID-capable generalized RDBMS and (essentially) a search engine's data storage. Splunk does not have (and does not need) many of the features a relational DB has. Also, most relational DB's full-text search are ugly side-additions. The Splunk developers were able to make an on-disk data format that meets their needs exactly.

Highlighted

Re: What is Splunk database engine?

New Member

I think Splunk might be using Lucene as a backend seach engine, though I am not sure, and looking for a confirmation.

0 Karma
Highlighted

Re: What is Splunk database engine?

Legend

No. Splunk uses its own proprietary storage/db.

Highlighted

Re: What is Splunk database engine?

Explorer

Yes, it might use its own proprietary storage, but what about the search engine? Lucene sounds like a good possibility.

0 Karma
Highlighted

Re: What is Splunk database engine?

Path Finder

Splunk might be using mongDB database, not sure even i want confirmation.

Why mongoDB: Coz i have seen the process named mongoDB running when indexer starts or restart.

Also source = C:\Program Files\Splunk\var\log\splunk\mongod.log with index=_internal*

0 Karma
Highlighted

Re: What is Splunk database engine?

Path Finder

I believe the mongoDB is part of the KV Store not indexing.

0 Karma