Splunk Enterprise

Splunk as a general purpose data store?

rogeralsing
New Member

Can, or rather should I use Splunk as a general purpose data store?

We already use Splunk for logging and metrics and ingest about 100 gigs of data per day.

But the question has been brought up of whether we need to do general purpose free text searches or structural searches from our line of business applications.
Is storing that data in Splunk a viable option?
If so, even long term storage?

Another use case: if we do event sourcing (http://www.martinfowler.com/eaaDev/EventSourcing.html?s_tact=C43202QW),
Can Splunk be used as an event stream for that?

Or are the above use cases better suited for other tools?

//Roger

0 Karma

haley_swarnapat
Path Finder

Question> Splunk for general purpose free text searches or structural searches?
Splunk works best with time series data, while your use case might be more similar to master data management that changes often with update operations.
However, you can load all rows from the DB every day into Splunk using DB Connect Input Type = Batch if you want to, if it doesn't break your daily ingestion limit. With this, you will get all your data into Splunk, updated every day.

Question> Can Splunk be used as an event stream for that? (event sourcing)
For the event sourcing you've mentioned, try the STREAMSTATS command; the result will change as you change the time range of your search.

0 Karma
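An added example, not part of the original posts, of the point above about STREAMSTATS and the search time range. It builds four constructed events with `makeresults` (the `account_id` and `amount` fields and their values are hypothetical) and replays them oldest first into a running `balance`. Changing the `where` cutoff from `-4d@d` to `-2d@d` drops the two oldest events, and the running balance is then computed from the remaining events only.

```spl
| makeresults count=4
| streamstats count as n
| eval _time=relative_time(now(), "-" . tostring(5-n) . "d@d")
| eval account_id="constructed-acct-1"
| eval amount=case(n=1, 100, n=2, -30, n=3, 50, n=4, -20)
| where _time >= relative_time(now(), "-4d@d")
| sort 0 _time
| streamstats sum(amount) as balance by account_id
| table _time account_id amount balance
```

On indexed data the same replay only sees events inside the search time range and the index retention period, so state derived this way is complete only when the search reaches back to the first event of each entity.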

rogeralsing
New Member

Anyone?

0 Karma