With the Schema-on-Read approach that Splunk uses, you slice and dice the data at search time, with no persistent modifications made to the indexes. Schema-on-Write, which requires you to define the fields ahead of indexing, is what you will find in most log aggregation platforms (including Elasticsearch). Schema-on-Read is, in fact, the superior strength of Splunk that you won't find in any other log aggregation platform. Instead, you should use search-time extractions.
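The difference can be modelled in a few lines of Python. This is an added illustration, not code from the original post and not how Splunk or Elasticsearch is implemented; the log lines, field names and function names are all constructed for the example. It shows why a field nobody planned for (here `src_ip`) can still be pulled out of old events when extraction happens at search time.

```python
import re

# Constructed sample events (not from the original page).
RAW_EVENTS = [
    "2024-05-01T10:00:01Z sshd[811]: Failed password for root from 203.0.113.7 port 52344 ssh2",
    "2024-05-01T10:00:05Z sshd[811]: Accepted password for alice from 198.51.100.23 port 40022 ssh2",
    "2024-05-01T10:00:09Z sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 52350 ssh2",
]

# Schema-on-write: the field set is fixed before indexing.
# Anything the schema does not name is gone once the event is stored.
WRITE_SCHEMA = re.compile(
    r"^(?P<time>\S+) (?P<process>\w+)\[\d+\]: (?P<action>Failed|Accepted)"
)

def index_schema_on_write(events):
    """Store only the fields defined ahead of indexing."""
    return [WRITE_SCHEMA.match(e).groupdict() for e in events]

def index_schema_on_read(events):
    """Store the raw events unchanged; no fields are decided here."""
    return list(events)

def search(raw_index, pattern):
    """Apply a field extraction at search time; the index is not modified."""
    rx = re.compile(pattern)
    return [m.groupdict() for m in map(rx.search, raw_index) if m]

def failed_logins_by_source(raw_index):
    """A question asked after indexing: which sources had failed logins?"""
    rows = search(
        raw_index,
        r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src_ip>\S+)",
    )
    counts = {}
    for row in rows:
        counts[row["src_ip"]] = counts.get(row["src_ip"], 0) + 1
    return counts

if __name__ == "__main__":
    written = index_schema_on_write(RAW_EVENTS)
    raw = index_schema_on_read(RAW_EVENTS)
    print("schema-on-write fields:", sorted(written[0]))
    print("schema-on-read answer: ", failed_logins_by_source(raw))
```
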