It's definitely not 300 GB/indexer/day. Will you rate it at 5-10 GB/indexer/day? It took my cloud VM less than 20 hours to process 10 GB of historical logs. I have not forwarded any new logs. No replication means downtime and catch-up time. And this app has yet to be tested on SHC.
https://answers.splunk.com/answers/320824/is-the-splunk-app-for-web-analytics-supported-in-a.html
https://answers.splunk.com/answers/172070/is-the-data-from-accelerated-data-models-and-repor.html
Where the Splunk platform creates and stores report acceleration summaries
http://docs.splunk.com/Documentation/Splunk/6.3.1/Knowledge/Manageacceleratedsearchsummaries
Hi h
There is now a new version of the app, v1.6, that improves performance. There will be a significant improvement in the initial data model and lookup build, as it uses the KV store.
Once upgraded, perhaps you can test and share your results with this new version?
https://splunkbase.splunk.com/app/2699/
j