I understand that Splunk does not need a lot of functionality that a MySQL database would provide, and to index and perform searches on Big Data it might not be a good option to use a relational database.
Does Splunk use Lucene as a search engine, or have they made their on-disk data format?
I am sorry if there are any problems in the way I am asking the question. This is my first question on Stack Overflow.
Splunk DB Connect is a generic SQL database extension for Splunk that enables easy integration of database information with Splunk queries and reports.
Splunk is a NoSQL database management system with a key-value store data model.
The Splunk Add-on for Microsoft SQL Server allows a Splunk software administrator to collect system performance, SQL server performance, log, audit, and status data from Microsoft SQL Server deployments.
With Splunk DB Connect, you can import and index data into Splunk Enterprise from a relational database, query it directly from Splunk Enterprise, or export the data from Splunk Enterprise to a relational database.
Splunk uses its own search engine; it's not based on any 3rd-party engine.
Its search engine is based on files only, with no database behind it. It does not store fields, but raw data only. The fields are extracted at search time, and because of that they are very dynamic. It's also very fast at finding keywords in the data (needle in a haystack).
To be more detailed, Splunk is storing data in the following way:
Sources: http://www.splunk.com/web_assets/pdfs/secure/Splunk_for_BigData.pdf and http://docs.splunk.com/Documentation/Splunk/6.5.1/Indexer/Howindexingworks
3+ years' experience as a Splunk architect.
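As an added illustration of the model the answer describes (raw events kept as-is, a keyword index for fast lookup, fields extracted only at search time), here is a small Python sketch. It is example code written for this page, not Splunk's implementation, and the log lines are constructed samples:

```python
import re
from collections import defaultdict

# Constructed sample raw events (not from the original page): a few sshd/cron-style log lines.
RAW_EVENTS = [
    "Mar 10 12:00:01 host1 sshd[2201]: Failed password for root from 203.0.113.7 port 51122 ssh2",
    "Mar 10 12:00:03 host1 sshd[2201]: Failed password for admin from 203.0.113.7 port 51123 ssh2",
    "Mar 10 12:00:09 host2 sshd[3310]: Accepted password for alice from 198.51.100.4 port 40010 ssh2",
    "Mar 10 12:01:15 host2 cron[410]: (root) CMD (run-parts /etc/cron.hourly)",
]

TOKEN_RE = re.compile(r"[A-Za-z0-9_.:-]+")

def build_keyword_index(events):
    """Index-time step: tokenize each raw event and map lowercase keyword -> set of event ids.
    Only the raw text plus this lexicon is kept; no field schema is decided here."""
    index = defaultdict(set)
    for event_id, line in enumerate(events):
        for token in TOKEN_RE.findall(line):
            index[token.lower()].add(event_id)
    return index

def keyword_search(index, events, *keywords):
    """'Needle in a haystack': return the raw events containing every keyword, via the index."""
    hits = None
    for kw in keywords:
        ids = index.get(kw.lower(), set())
        hits = ids if hits is None else hits & ids
    return [events[i] for i in sorted(hits or [])]

def extract_fields(lines, pattern):
    """Search-time step (in the spirit of Splunk's rex): pull named fields out of raw events
    on the fly, so the schema can change without re-indexing anything."""
    rx = re.compile(pattern)
    return [m.groupdict() for m in (rx.search(line) for line in lines) if m]

def failed_logins_by_src(events):
    """Worked query: keyword search for failed SSH logins, then count per extracted src_ip."""
    index = build_keyword_index(events)
    matched = keyword_search(index, events, "Failed", "password")
    fields = extract_fields(matched, r"for (?P<user>\S+) from (?P<src_ip>\d+\.\d+\.\d+\.\d+)")
    counts = defaultdict(int)
    for f in fields:
        counts[f["src_ip"]] += 1
    return dict(counts)

if __name__ == "__main__":
    print(failed_logins_by_src(RAW_EVENTS))  # → {'203.0.113.7': 2}
```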