Splunk Search

Question about the metrics index in Splunk 7.0.0 and search efficiency

ako_y
New Member

In the splunk system we developed, we have 2.8 billion records as of now.

The problem is that it's a single configuration (not using idexer/search head yet)
and depending on the search condition, it takes so long for searching the data.

If I update to splunk 7.0, I can see that the search speed may be improved.


First you will need to create a new index that is specifically tuned for metrics data.
This index will use our Metrics Store which provides the ability to ingest and store metric measurements at scale.


Regarding to "a new index that is specifically tuned for metrics data.",
Will I still be able to search the current data after upgrading to 7.0 and creating new index for metrics data?

Thanks so much for your help in advance.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

After you upgrade to 7.0 your existing data will be unchanged. It will remain in its current index. The new index will be for metrics data onboarded after the upgrade. There is no way to transfer data from one index to another as metrics indexes are very different from event indexes.

See the Metrics manual (http://docs.splunk.com/Documentation/Splunk/7.0.0/Metrics/Overview) for more information about metrics.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...