What is Splunk database engine?
Is it PostgreSQL?
Most Recent Activity:
by gkanapathy ♦
Up to 2 attachments (including images) can be used with a maximum of 524288 each and 1048576 total.
Splunk does not use arealtional database to store events and indexes.
The storage is all flat file based.
Please have a look here:
Hope that answers your question?
is it mean, Splunk develop its own system to do this from ZERO? And it is really does not have any kind direct/significant relation to other DB technology?
Yes, Splunk developed their own on-disk storage format from "zero". (If you call having a C++ compiler and standard libraries "zero") From an architecture perspective, there are large differences between an ACID-capable generalized RDBMS and (essentially) a search engine's data storage. Splunk does not have (and does not need) many of the features a relational DB has. Also, most relational DB's full-text search are ugly side-additions. The Splunk developers were able to make an on-disk data format that meets their needs exactly.
I think Splunk might be using Lucene as a backend seach engine, though I am not sure, and looking for a confirmation.
No. Splunk uses its own proprietary storage/db.
Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.
Answers and Comments
No one has followed this question yet.
Can Splunk monitor MSSQL database content
How to move the index database and remove the old directory?
"problem parsing indexes.conf [...]" after moving index db
Warm Databases not moving to cold database location
What is the naming convention behind the db_ buckets?