Re: data model acceleration

sarit_s · ‎10-21-2020

Hello,

I have data model that i want to change the acceleration time to all time.

since im working with kubernetece the change has to be in the config files directly and not through the ui.

i saw in the documentation that empty string for

acceleration.earliest_time

means all time

but when i change this field to be empty, the configuration in the ui changed to be 1 day instead of all time as it should.

any ideas ?

thanks

richgalloway · ‎10-21-2020

Searching All Time rarely is a good idea, especially for datamodels. The goal of DMA is to make accessing your data faster in routine searches. One-off and non-routine searches usually can wait the extra time it takes to gather the data. Otherwise, you're putting extra work on your system to search (and store) more than is necessary.

What is the use case for having All Time data accelerated?

---
If this reply helps you, Karma would be appreciated.

sarit_s · ‎10-21-2020

Well, its not permanent

we want to run some statistics over data older than a year

data model acceleration

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Join the Conversation