Solved: How Splunk DB manages data which has record of sam...

snehal8 · ‎04-05-2013

Hello everyone,

i read this following link

Now i have one question in my mind,what happen when more than 10 records has same time stamp in database,then how splunk will handle this. it take which record came fast?

i know this is silly question,but i want to clear how process will go.

thank you

jbsplunk · ‎04-05-2013

Splunk can index up to 100,000 records with the same time stamp. After that we'll start to increment the timestamp. For a detailed discussion of this, please see:

http://splunk-base.splunk.com/answers/303/whats-max-events-i-can-have-timestamped-with-a-particular-...

View solution in original post

jbsplunk · ‎04-05-2013

Splunk can index up to 100,000 records with the same time stamp. After that we'll start to increment the timestamp. For a detailed discussion of this, please see:

http://splunk-base.splunk.com/answers/303/whats-max-events-i-can-have-timestamped-with-a-particular-...

snehal8 · ‎04-05-2013

Thank you.

How Splunk DB manages data which has record of same timestamp

Streamline Data Ingestion With Deployment Server Essentials

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security ...

Introduction to Splunk AI