Hello, I have created a few indexes, each containing data only from one source with one sourcetype. From a search performance point of view - Is it necessary to include the sourcetype in each s...
Hey guys,
I currently have a 3-server architecture (2 central indexers with 1 search head). We are looking to have Splunk used by multiple sys admins and developers in the company. I foresee that...
Hi,
We are moving a 3-tier clustered Splunk env from an on-prem environment to a cloud instance - where we have been told we will be getting much better performance all round.
My question is h...
Hi, we have very big indexes (300 GB). Also, we have very limited storage. Is it recommended to split the index into smaller indexes (storage, performance)?
I've heard that using Splunk's default source type detection is flexible, but can be hard on performance. What is the best way to define source types that keeps performance speedy?
...ource type. So I have 500 files in total of which 50 are changing at any time, and maybe 5,000,000 total events in Splunk.
My question relates to best practice for indexing for query performance....
Hi,
I am trying to set up a bunch of summary indexes and was wondering if there are any best practices to follow? Is there a performance difference between the old way and the new way of SI? A...
...earches that provide server and OS monitoring without me having to deal with the complexities of the sourcetype differences? Something akin to the Performance Model of the Common Information Model, perhaps?
...rovide virtualization monitoring without me having to deal with the complexities of the sourcetype differences? Something akin to the Performance Model of the Common Information Model, perhaps?
...hat provide storage monitoring without me having to deal with the complexities of the sourcetype differences? Something akin to Performance in the Common Information Model, perhaps?