Chapter 1. What's New in Splunk 6.3?
Splunk is known as the Google of machine log analytics. It is a very powerful, robust, and real-time big data analytics tool. In this chapter, we will study in detail how Splunk works in the backend and which core components allow it to process big data in real time. We will also go through all the new techniques and architectural changes introduced in Splunk 6.3 to make Splunk faster and better and to provide near real-time results.
The following topics will be covered in this chapter:
- The architecture
- Index parallelization
- Search parallelization
- Data integrity control
- Intelligent job scheduling
- The app's key-value store
- Securing Splunk Enterprise
- Single sign-on using SAML
Splunk's architecture
Splunk's architecture comprises components that are responsible for data ingestion, indexing, and analytics.

The lowest level of Splunk architecture depicts various data input methods supported by Splunk. These...