Chapter 9. Speeding Up Intelligence – Data Summarization
In this chapter, we will cover the methods that exist within Splunk to speed up intelligence. You will learn about:
- Calculating an hourly count of sessions versus completed transactions
- Backfilling the number of purchases by city
- Displaying the maximum number of concurrent sessions over time
Introduction
In Chapter 5, Extending Intelligence – Data Models and Pivoting, we learned about data models and how they can be accelerated to facilitate faster Pivot reporting. Data model acceleration works by leveraging data summarization behind the scenes. In this chapter, we will take a look at two more data summarization methods within Splunk: summary indexing and report acceleration. Both methods enable you to speed up reports or preserve focused statistics over long periods of time. You will learn how to populate summary indexes, use report acceleration, backfill summary indexes with historical data, and more.
Data summarization...