Recently a customer wanted to understand the difference between a Splunk real-time search and a related search, and to try both and see how they behave.
To better explain what a real-time search is, first consider the following:
With real-time searches and reports, you can search events before they are indexed and preview reports as the events stream in.
Real-time searches scan events as the events arrive for indexing. When you kick off a real-time search, Splunk software scans the incoming events. The scan looks for events that contain index-time fields that indicate the event could be a match for your search.
As the real-time search runs, the s
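As an added illustration (not part of the original post), the two forms of the same error-monitoring search in SPL: the first is a windowed real-time search that scans events as they arrive, the second the scheduled equivalent that only reads already-indexed events. The `_internal` index and `splunkd` sourcetype are Splunk's own defaults; the 5-minute window is an assumption chosen for the example.

```spl
/* Real-time: earliest=rt-5m latest=rt is a 5-minute sliding window;
   Splunk keeps scanning incoming events for the life of the search. */
index=_internal sourcetype=splunkd log_level=ERROR earliest=rt-5m latest=rt
| stats count BY component

/* Scheduled equivalent: runs once over the last completed 5 minutes of
   indexed data (snapped to the minute), then exits. */
index=_internal sourcetype=splunkd log_level=ERROR earliest=-5m@m latest=@m
| stats count BY component
```

A real-time search holds a search process open on the indexers for as long as it runs, so for a standing check a scheduled search on a short interval is usually the cheaper choice.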