All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

What underlying database Splunk uese to operate?

SomnathShilimka
Explorer
‎04-30-2013 06:40 AM

Hi All,
i am newbie in splunk, i searched over documentation and also over community. but i did not get answer for question in my mind.
Question is :- What database Splunk uses to work ? like Oracle or MySQL or PostgreSQL ?

i also read one already posted question as provided on below link
http://splunk-base.splunk.com/answers/32499/what-database-engine-splunk-uses

on same link, in answers it is written like below :-
I am not sure what is unclear to you in the previous answer. Splunk uses it's own engine, and does not rely on any external databases in order to operate. It manages its own database via a series of flat files and indexes, and Damien has provided a few good resources for you to have an idea on how the data engine works.

does it means Splunk do not use any database like Oracle or MySQL etc ?

thanks & regards,
Somnath

Tags (1)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-16-2017 08:10 AM

alt text

0 Karma
Reply

bspargur1
New Member
‎02-16-2017 08:17 AM

Haha, that was an awesome pic. 🙂

0 Karma
Reply

stanwin
Contributor
‎02-16-2017 10:38 AM

Thats a biiiiig bucket 😄

0 Karma
Reply

bspargur1
New Member
‎02-16-2017 06:55 AM

You are looking specifically at the indexes. The kvstores are the mongodb. Do you have reference to how the Splunk generated alerts are stored?

0 Karma
Reply

bspargur1
New Member
‎02-16-2017 07:01 AM

I understand indexing but that is not the only place or way the Splunk stores data.

0 Karma
Reply

bspargur1
New Member
‎02-16-2017 06:24 AM

There are the indexes which are flat files. The lookups are csv files or mongodb. The alerts require relationships and are also stored in a DB but I can't recall off hand if it is mysql or mongodb. I think it is mysql.

0 Karma
Reply

nickhills
Ultra Champion
‎02-16-2017 06:47 AM

nope, mysql is not used inside splunk .
the kvstore is mongo, but again this is not used by splunk for anykind of relationship mapping or storage.\
The kvstore is provided for splunk applications to use not for splunk per se.

If my comment helps, please give it a thumbs up!
Reply

bspargur1
New Member
‎02-16-2017 07:12 AM

When you configure alerts in Splunk, where are they stored? How is the relationship to the event data that was used to generate the alert stored? 🙂

Splunk uses the mongodb to store data becasue csv files suck as they start to get large. I have always been curious why they used a json structured db over just using their flat file structure of the indexes with the mappings built in. Maybe because it is good and already existed?

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎04-30-2013 06:44 AM

Indeed, no separate relational DB. The data structure underneath is Splunk-built.

Reply

martin_mueller
SplunkTrust
SplunkTrust
‎04-30-2013 07:48 AM

There is no separate product underneath, it's been built by Splunk.

Reply

SomnathShilimka
Explorer
‎04-30-2013 07:45 AM

Hi Martin_mueller
thanks for reply, i know for splunk no need of separate DB, what i want to know is :- what is name of that Splunk-built database(data structure) ?

Regards,
Somnath

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...