Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk as a general purpose data store?

rogeralsing
New Member
‎09-05-2016 06:53 AM

Can, or rather should I use Splunk as a general purpose data store?

We already use Splunk for logging and metrics and ingest about 100 gigs of data per day.

But the question have been brought up, if we need to do general purpose free text searches or structural searches from our line of business applications.
Is storing that data in Splunk a viable option?
If so, even long term storage?

Another usecase, if we do event sourcing (http://www.martinfowler.com/eaaDev/EventSourcing.html?s_tact=C43202QW)
Can Splunk be used as an event stream for that?

Or are the above usecases better suited for other tools?

//Roger

0 Karma
Reply

haley_swarnapat
Path Finder
‎09-08-2016 04:39 AM

Question> Splunk for general purpose free text searches or structural searches?
Splunk works best with time series data, while your use case might be more similar to master data management that changes often with update operation.
However you can all rows from DB everyday to Splunk using DB Connect Input Type = Batch if you want to, if it doesn't break your daily ingestion limit. With this, you will get all your data into Splunk, updated everyday.

Question> Can Splunk be used as an event stream for that? (event sourcing)
For the event sourcing you've mentioned, try STREAMSTATS command, the result will change as you change the time range of your search

0 Karma
Reply

rogeralsing
New Member
‎09-08-2016 02:17 AM

Anyone? .

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...