I have several DB connections with inputs configured. Everything works very well.
But there is one performance issue which I haven't been able to solve yet: when using Splunk search queries take long time to execute.
Usually, I make sure that all fields are indexed and then it's possible to use |tstats and make super-fast dashboards.
But I couldn't do the same for DB connect data as indexed time field extractions don't work there.
Is there a way to have input data in json or csv format to have automatic field indexing by Splunk?
Anyway all data coming from databases has predefined fields which could be immediately indexed to improve query performance greatly.
Thanks for your answer!
... View more