Introduction
In Chapter 5, Extending Intelligence – Data Models and Pivoting, we learned all about data models and how they can be accelerated to facilitate faster Pivot reporting. Data model acceleration works by leveraging data summarization behind the scenes. In this chapter, we will take a look at two more data summarization methods within Splunk: summary indexing and report acceleration. These enable you to speed up reports or preserve focused statistics over long periods of time. You will learn how to populate summary indexes, use report acceleration, backfill summary indexes with historical data, and more.
Data summarization
Big Data is, just that, big, and even with the best infrastructure, it can be extremely time consuming to search or report over large datasets and/or very costly to store for long periods of time. Within Splunk exists data summarization features that simplify and speed up reporting over large datasets. Data summarization essentially allows for raw event datasets...