Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SplunkのData Model Accelerationは何故早いのか

Avatar for odorusatoshi odorusatoshi
September 02, 2019
Technology
1
1.5k

SplunkのData Model Accelerationは何故早いのか

Data Model Acceleration(データモデル高速化)の仕組みをご紹介。

Avatar for odorusatoshi

odorusatoshi

September 02, 2019
Tweet

More Decks by odorusatoshi

See All by odorusatoshi
入門 PEAK Threat Hunting @SECCON
Avatar for odorusatoshi odorusatoshi
0
370
AWS VPC Traffic Mirroringを使って​ Fraud監視をスタート!​
Avatar for odorusatoshi odorusatoshi
0
280
無償のセキュリティ神Apps10選
Avatar for odorusatoshi odorusatoshi
0
960
SplunkとThreat Hunting
Avatar for odorusatoshi odorusatoshi
1
1.5k
Splunking_webproxy
Avatar for odorusatoshi odorusatoshi
0
440
Splunking_ActiveDirectory
Avatar for odorusatoshi odorusatoshi
0
380
Splunking_fw_dns
Avatar for odorusatoshi odorusatoshi
0
580
Splunking_sysmon
Avatar for odorusatoshi odorusatoshi
0
520
Splunking_AWS_security
Avatar for odorusatoshi odorusatoshi
0
320

Other Decks in Technology

See All in Technology
お試しで oxlint を導入してみる #vuefes_aftertalk
Avatar for 弁護士ドットコム bengo4com
2
1.3k
Snowflake Marketplaceには”PODB”という便利なオープンデータがあってAI Ready対応してるらしいよ/the-snowflake-marketplace-has-a-useful-open-data-source-called-PODB-that-is-apparently-AI-ready
Avatar for shinyaa31 shinyaa31
0
260
AIがコードを書いてくれるなら、新米エンジニアは何をする? / komekaigi2025
Avatar for Yukiya Nakagawa nkzn
25
18k
Data & AIの未来とLakeHouse
Avatar for Satoru Ishikawa ishikawa_satoru
0
640
Playwrightで始めるUI自動テスト入門
Avatar for とことんDevOps devops_vtj
0
250
日々のSlackアラート確認運用をCustom Chat Modesで楽にした話 / 日々のSlackアラート確認運用をCustom Chat Modesで楽にした話
Avatar for Imamoto Hikaru imamotohikaru
0
110
今日から使える AWS Step Functions 小技集 / AWS Step Functions Tips
Avatar for Masanori Yamaguchi kinunori
5
620
Master Dataグループ紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
3.9k
ソフトウェアエンジニアとデータエンジニアの違い・キャリアチェンジ
Avatar for k.muguruma mtpooh
1
690
Data Engineering Guide 2025 #data_summit_findy by @Kazaneya_PR / 20251106
Avatar for 風音屋 (Kazaneya) kazaneya
PRO
10
2k
品質保証の取り組みを広げる仕組みづくり〜スキルの移譲と自律を支える実践知〜
Avatar for tarappo tarappo
2
740
MCP サーバーの基礎から実践レベルの知識まで
Avatar for azukiazusa azukiazusa1
26
13k

Featured

See All Featured
Six Lessons from altMBA
Avatar for Skipper Chong Warson skipperchong
29
4.1k
Product Roadmaps are Hard
Avatar for C. Todd Lombardo iamctodd
PRO
55
11k
How to Ace a Technical Interview
Avatar for Jacob Kaplan-Moss jacobian
280
24k
Designing for Performance
Avatar for Lara Hogan lara
610
69k
Art, The Web, and Tiny UX
Avatar for Lynn Fisher lynnandtonic
303
21k
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
31
2.7k
Save Time (by Creating Custom Rails Generators)
Avatar for Garrett Dimon garrettdimon
PRO
32
1.7k
Navigating Team Friction
Avatar for Lara Hogan lara
190
15k
Embracing the Ebb and Flow
Avatar for Simon Collison colly
88
4.9k
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
180
10k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
Avatar for Vitaly Friedman smashingmag
253
22k
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.5k

Transcript

  1. © 2018 SPLUNK INC. © 2018 SPLUNK INC. Data Model

    Acceleration   Senior Sales Engineer 2019.07.06 Ver0.2

  2. © 2018 SPLUNK INC.     .C 

     @A024 # "$6     !E3 # # "$/;   =Authentication# *#+   # "$172 &+%-D 9B)8 &+% ?: (,$# "$/;5<4    ># "$Authentication'"$

  3. © 2018 SPLUNK INC.   Pivot# " $ (=)

    !

  4. © 2018 SPLUNK INC. ▶ ,4) • +4)4('#:6A<(&.(2@ -1(.tsidx*2)EC •

    -1indexbucket=?N  • -17;UQ> -1TRM J -1307;UPO • (&.(2$03!/4D@85 -1@#)3"LKG?(& .(29C@1%#FSHB ▶ I   • _raw .tsidx  ””         .'+*,.)- !&.#+(.!.$  

  5. © 2018 SPLUNK INC. :8'+(.tsidx%,)/= #!(#, *-).10 .tsidx2&.!64?> rawdata 

      5 <  3;"10 .tsidx2$-97 RawData          

  6. © 2018 SPLUNK INC.     #! "#!

       *%($# +) ($ . "'&0/  • 100% 21($ # +)  •  46.12MB- , !

  7. © 2018 SPLUNK INC.  VS  " 5/ #$-6

    0Authentication2 0Authentication!1'  +%)$  ,* )$2 (&43   19.202.  4.633.

  8. © 2018 SPLUNK INC. * '    @=+

    E/BC46'(Linuxwindows vpn )< %&+46?> &#<1  CIM;D Datamodel9, | datamodel *A+ !(3/246' Datamodel8 ) $  Datamodel *A+ %( :@+ *A(tstats) 8 )F | tstats !(3/246' Datamodel8 SPL !)  $  Datamodel *A+ %( :@+ Pivot-78 & #5. | pivot "-7 0 ,$( '#   "( ( ) I M f e f e fd C M d

  9. © 2018 SPLUNK INC. |datamodel     

      |datamodel Authentication search | search

  10. © 2018 SPLUNK INC. |tstats  Datamodel   

    |tstats summariesonly=true count from datamodel=Authentication groupby Authentication.user

  11. © 2018 SPLUNK INC. stats VS tstats VS tstats(summariesonly=t) Firewall

     !  • 0.299 • tstats summariesonly=t • ! $ • 4.239 • tstats summariesonly=f • #"_raw  • 28.966 • stats

  12. © 2018 SPLUNK INC. ▶ #& $"%!& *  https://docs.splunk.com/Documentation/Splunk/7.3.0/Knowledge/Aboutsummaryindex

    ing ▶ PIVOT vs DATAMODEL vs TSTATS (by Splunk Answers) https://answers.splunk.com/answers/330264/pivot-vs-datamodel-vs-tstats.html ▶   ' How Search Works - $$TSIDXTERM + () https://www.slideshare.net/takashikomatsubara50/how-search-works-tsidxterm