Showing posts from July, 2017

Splunk Query Optimization

Hello everyone, I am learning to document and this would be my first article.

Why are we looking to optimize queries:

A query put to humans is sometimes quick and crisp. The answers may be relevant, sometimes carry only a little useful information, and sometimes, when similar minds speak, they are right to the point. A similar thing happens when humans query machines.

Who requires optimization?

1. Novice/New learner
   They are learners and try to find every possible answer that can satisfy their work or themselves.
2. Advanced users
   This is typically required when we fail to notice minor keywords while writing a query.

How can we optimize our Splunk query:

Splunk has many moving parts, and querying, just like anything, would be like catching a fish in a lake/ocean.

Let's get started:

You need to know and recall the components from an architectural point of view too. Each section is interconnected, and you have to correlate them before running a query.

A. What output do you require?

Whe