Imagine this: when you upload machine data into a Splunk engine, you are basically uploading a bunch of data that is most likely unstructured and cannot be understood or stored in a structured way by a traditional relational database. However, Splunk can get you the result in less than one second when you search it. Splunk must have some special way to classify the data. Have you ever imagined how Splunk reads your machine data?
The selling point of Splunk is its unique ability to index machine data. This ability allows Splunk to search the data quickly for analysis, reporting and alerts.
What? Splunk indexes machine data? Yes! Remember, in the previous blog post, Splunk Tutorial 03: Licensing of Splunk 7.1.1, we mentioned that Splunk charges by the data it indexes. Splunk actually reads your data by indexing it in its own way.
The following is how Splunk indexes your data.