Splunk as a general purpose data store?

rogeralsing · ‎09-05-2016

Can, or rather should I use Splunk as a general purpose data store?

We already use Splunk for logging and metrics and ingest about 100 gigs of data per day.

But the question have been brought up, if we need to do general purpose free text searches or structural searches from our line of business applications.
Is storing that data in Splunk a viable option?
If so, even long term storage?

Another usecase, if we do event sourcing (http://www.martinfowler.com/eaaDev/EventSourcing.html?s_tact=C43202QW)
Can Splunk be used as an event stream for that?

Or are the above usecases better suited for other tools?

//Roger

haley_swarnapat · ‎09-08-2016

Question> Splunk for general purpose free text searches or structural searches?
Splunk works best with time series data, while your use case might be more similar to master data management that changes often with update operation.
However you can all rows from DB everyday to Splunk using DB Connect Input Type = Batch if you want to, if it doesn't break your daily ingestion limit. With this, you will get all your data into Splunk, updated everyday.

Question> Can Splunk be used as an event stream for that? (event sourcing)
For the event sourcing you've mentioned, try STREAMSTATS command, the result will change as you change the time range of your search

rogeralsing · ‎09-08-2016

Anyone? .

Splunk as a general purpose data store?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life