Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SplunkのData Model Accelerationは何故早いのか

odorusatoshi
September 02, 2019
Technology
1
1.3k

SplunkのData Model Accelerationは何故早いのか

Data Model Acceleration(データモデル高速化)の仕組みをご紹介。

odorusatoshi

September 02, 2019
Tweet

More Decks by odorusatoshi

See All by odorusatoshi
入門 PEAK Threat Hunting @SECCON
odorusatoshi
0
150
AWS VPC Traffic Mirroringを使って​ Fraud監視をスタート!​
odorusatoshi
0
230
無償のセキュリティ神Apps10選
odorusatoshi
0
770
SplunkとThreat Hunting
odorusatoshi
1
1.4k
Splunking_webproxy
odorusatoshi
0
410
Splunking_ActiveDirectory
odorusatoshi
0
350
Splunking_fw_dns
odorusatoshi
0
550
Splunking_sysmon
odorusatoshi
0
480
Splunking_AWS_security
odorusatoshi
0
300

Other Decks in Technology

See All in Technology
Cracking the Coding Interview 6th Edition
gdplabs
14
28k
設計を積み重ねてシステムを刷新する
sansantech
PRO
0
160
Aurora PostgreSQLがCloudWatch Logsに 出力するログの課金を削減してみる #jawsdays2025
non97
1
190
AWSではじめる Web APIテスト実践ガイド / A practical guide to testing Web APIs on AWS
yokawasa
7
660
ディスプレイ広告(Yahoo!広告・LINE広告)におけるバックエンド開発
lycorptech_jp
PRO
0
340
JavaにおけるNull非許容性
skrb
2
2.6k
Amazon Aurora のバージョンアップ手法について
smt7174
2
140
クラウド食堂とは?
hiyanger
0
110
Amazon Q Developerの無料利用枠を使い倒してHello worldを表示させよう!
nrinetcom
PRO
2
110
ESXi で仮想化した ARM 環境で LLM を動作させてみるぞ
unnowataru
0
170
Autonomous Database Serverless 技術詳細 / adb-s_technical_detail_jp
oracle4engineer
PRO
17
45k
偏光画像処理ライブラリを作った話
elerac
1
170

Featured

See All Featured
The Language of Interfaces
destraynor
156
24k
Testing 201, or: Great Expectations
jmmastey
42
7.2k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
4
430
How to Ace a Technical Interview
jacobian
276
23k
The Invisible Side of Design
smashingmag
299
50k
Why Our Code Smells
bkeepers
PRO
336
57k
Optimizing for Happiness
mojombo
376
70k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
49
2.3k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
33
2.8k
Into the Great Unknown - MozCon
thekraken
35
1.6k
KATA
mclloyd
29
14k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
30
4.6k

Transcript

  1. © 2018 SPLUNK INC. © 2018 SPLUNK INC. Data Model

    Acceleration   Senior Sales Engineer 2019.07.06 Ver0.2

  2. © 2018 SPLUNK INC.     .C 

     @A024 # "$6     !E3 # # "$/;   =Authentication# *#+   # "$172 &+%-D 9B)8 &+% ?: (,$# "$/;5<4    ># "$Authentication'"$

  3. © 2018 SPLUNK INC.   Pivot# " $ (=)

    !

  4. © 2018 SPLUNK INC. ▶ ,4) • +4)4('#:6A<(&.(2@ -1(.tsidx*2)EC •

    -1indexbucket=?N  • -17;UQ> -1TRM J -1307;UPO • (&.(2$03!/4D@85 -1@#)3"LKG?(& .(29C@1%#FSHB ▶ I   • _raw .tsidx  ””         .'+*,.)- !&.#+(.!.$  

  5. © 2018 SPLUNK INC. :8'+(.tsidx%,)/= #!(#, *-).10 .tsidx2&.!64?> rawdata 

      5 <  3;"10 .tsidx2$-97 RawData          

  6. © 2018 SPLUNK INC.     #! "#!

       *%($# +) ($ . "'&0/  • 100% 21($ # +)  •  46.12MB- , !

  7. © 2018 SPLUNK INC.  VS  " 5/ #$-6

    0Authentication2 0Authentication!1'  +%)$  ,* )$2 (&43   19.202.  4.633.

  8. © 2018 SPLUNK INC. * '    @=+

    E/BC46'(Linuxwindows vpn )< %&+46?> &#<1  CIM;D Datamodel9, | datamodel *A+ !(3/246' Datamodel8 ) $  Datamodel *A+ %( :@+ *A(tstats) 8 )F | tstats !(3/246' Datamodel8 SPL !)  $  Datamodel *A+ %( :@+ Pivot-78 & #5. | pivot "-7 0 ,$( '#   "( ( ) I M f e f e fd C M d

  9. © 2018 SPLUNK INC. |datamodel     

      |datamodel Authentication search | search

  10. © 2018 SPLUNK INC. |tstats  Datamodel   

    |tstats summariesonly=true count from datamodel=Authentication groupby Authentication.user

  11. © 2018 SPLUNK INC. stats VS tstats VS tstats(summariesonly=t) Firewall

     !  • 0.299 • tstats summariesonly=t • ! $ • 4.239 • tstats summariesonly=f • #"_raw  • 28.966 • stats

  12. © 2018 SPLUNK INC. ▶ #& $"%!& *  https://docs.splunk.com/Documentation/Splunk/7.3.0/Knowledge/Aboutsummaryindex

    ing ▶ PIVOT vs DATAMODEL vs TSTATS (by Splunk Answers) https://answers.splunk.com/answers/330264/pivot-vs-datamodel-vs-tstats.html ▶   ' How Search Works - $$TSIDXTERM + () https://www.slideshare.net/takashikomatsubara50/how-search-works-tsidxterm