Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Splunk Database

Tags:

lucene

splunk

I understand that Splunk does not need a lot of functionality that a MySQL database would provide, and to index and perform searches on Big Data it might not be a good option to use a relational database.

Does Splunk use Lucene as a search engine, or have they made their on-disk data format?

I am sorry if there are any problems in the way I am asking the question. This is my first question on Stack Overflow.

like image 952
Sambhav Sharma Avatar asked Jan 07 '14 11:01

Sambhav Sharma

People also ask

What is Splunk database?

Splunk DB Connect is a generic SQL database extension for Splunk that enables easy integration of database information with Splunk queries and reports.

Is Splunk SQL or NoSQL?

Splunk is a NoSQL database management system with a key value store data mode.

Can you use SQL in Splunk?

The Splunk Add-on for Microsoft SQL Server allows a Splunk software administrator to collect system performance, SQL server performance, log, audit, and status data from Microsoft SQL Server deployments.

Can Splunk query database?

With Splunk DB Connect, you can import and index data into Splunk Enterprise from a relational database, query it directly from Splunk Enterprise, or export the data from Splunk Enterprise to a relational database.

1 Answers

Splunk uses its own search engine, it's not based on any 3rd party.

Its search engine is based on files only, no database behind it. It does not store fields, but raw data only. The fields are extracted during search time, and due to that are very dynamic. Its also very fast in finding keywords in the data (needle in haystack).

  1. Breaking the data into time-based events, attaching time for each raw event.
  2. Marking every word found in the events and their location across the index
  3. Storing the events in compressed format (tar.gz)

To be more detailed, Splunk is storing data in the following way:

  1. Very fast search for keywords inside the events
  2. Look in the original raw data
  3. Create new fields on the raw data and use them with statistics commands.

Source: http://www.splunk.com/web_assets/pdfs/secure/Splunk_for_BigData.pdf http://docs.splunk.com/Documentation/Splunk/6.5.1/Indexer/Howindexingworks

+3 Years experience Splunk architect.

like image 136
barkai36 Avatar answered Sep 25 '22 04:09

barkai36
Sign in to Comment

Related questions

Understanding Lucene leading wildcard performance
Sitecore - Indexing data from presentation components with non-context datasources
ElasticSearch RegExp Filter regex dash
Multifield search in Lucene
Apache Lucene or another Search in iPhone app
How to build a conceptual search engine?
how much extra Space/RAM/CPU is used by apache solr?
How to query integers, floats in lucene and how to store (NumericComparator)?
I unloaded the default Solr Collection by mistake from the Solr Admin UI
solr / lucene idf score
Multiple queries in Solr
Lucene - retrieve all values for a multi-valued field in a document
ElasticSearch/Lucene query string — select "field X exists"
What does Lucene's ScoreDoc.score mean?
How to delete the documents a month ago
How to use MultiFieldQueryParser from Lucene?
Data-config.xml and mysql - I can load only "id" column
How to setup Lucene/Solr for a B2B web app?
Does solr use cosine similarity?
How to index and find numbers with Lucene.NET?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!