This manual discusses Splunk Enterprise data repositories and the Splunk Enterprise components that create and manage them.

The index is the repository for Splunk Enterprise data. Splunk Enterprise transforms incoming data into events, which it stores in indexes.

An indexer is a Splunk Enterprise instance that indexes data. For small deployments, a single instance might perform other Splunk Enterprise functions as well, such as data input and search management. In a larger, distributed deployment, however, the functions of data input and search management are allocated to other Splunk Enterprise components. This manual focuses exclusively on the indexing function, in the context of either a single-instance or a distributed deployment.

An indexer cluster is a group of indexers configured to replicate each other's data, so that the system keeps multiple copies of all data. This process is known as index replication, or indexer clustering. By maintaining multiple, identical copies of data, clusters prevent data loss while promoting data availability for searching.

As Splunk Enterprise processes incoming data, it adds the data to indexes. Splunk Enterprise ships with several indexes, and you can create additional indexes as needed.

A Splunk Enterprise index contains a variety of files. These files fall into two main categories:

- The raw data in compressed form (rawdata).
- Indexes that point to the raw data (index files, also referred to as tsidx files), plus some metadata files.

The files reside in directories organized by age. See How Splunk Enterprise stores indexes.

Splunk Enterprise manages its indexes to facilitate flexible searching and fast data retrieval, eventually archiving them according to a user-configurable schedule. Splunk Enterprise handles everything with flat files; it doesn't require any third-party database software running in the background.