Splunk Tutorial 10: How does Splunk read input data?

Imaging when you upload machine data into a Spunk engine, you are basically uploading a bunch of data that are most likely unstructured and cannot be understand or stored by traditional relational database in a structured way. However, Splunk can get you the result in less than one second when you search it. Splunk must have some special way to classify the data. Have you even image how does Splunk read your machine data?

The selling point of Splunk is its unique ability to index machine data. This ability allows Splunk to quickly search for analysis, reporting and alerts.

What? Splunk index machine data? Yes! Remember, from previous blog Splunk Tutorial 03: Licensing of Splunk 7.1.1, we have mentioned that Splunk is charged per indexed data. Splunk actually read your data by indexing it with it’s own way.

Following is how splunk index your data.

Read more

Splunk Tutorial 01: What is Splunk?

What is Splunk? Is it a Business Intelligence (BI) tools? No. It is more than a traditional BI tools.   [vtftable cols=”{0}0-3:d9d9d9;{/}”] Platform;;;Data;;;Primary Sources;;;Real Time;nn; Splunk;;;Unstructured (included Machine Data) &{;n}Structured;;;IT Systems;;;Close to Real Time;nn; BI Tools;;;Structured;;;Databases;;;Usually No;nn; [/vtftable]   Traditional BI tools summarise data from database and them produce the report reporting the fact and … Read more