Hi guys,
I am a newbie to Splunk. As I was reading through Splunk, I understand that Splunk indexes the data only during read. From my understanding
I am just trying to wrap my mind around what kind of scenario I would be happy using Splunk in, instead of a document-oriented data store like
Elasticsearch or Solr with a front-end tool.
Thanks,
sam.
Splunk indexes data as it is received from the source so it is fully indexed by the time you make your queries. Doing the indexing at query time would indeed be costly.
There are scenarios for which other datastores may be a better solution, but Splunk is quite efficient when it comes to indexing and searching text.