
Best way for exporting 6-month VPC flow data for external reporting purpose (Splunk Cloud)

imsidrai
Explorer

I have a saved search for the vpcflow logs sourcetype which searches for a particular CIDR (src_ip & dest_ip), but it takes almost 3-4 hrs to run the query when it searches the last 6 months. I want the output for external reporting; what is the best method forward to save time & resources? We don't have data models on our search head.

0 Karma

richgalloway
SplunkTrust

Please share your search so we can offer suggestions to optimize it.

VPC data can be huge so it will take time to process 6 months of it.  You should consider using a data model.  How much data is the search going through?  Is the data evenly distributed among the indexers?

---
If this reply helps you, Karma would be appreciated.
0 Karma