Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SplunkのData Model Accelerationは何故早いのか

Avatar for odorusatoshi odorusatoshi
September 02, 2019
Technology
1
1.5k

SplunkのData Model Accelerationは何故早いのか

Data Model Acceleration(データモデル高速化)の仕組みをご紹介。

Avatar for odorusatoshi

odorusatoshi

September 02, 2019
Tweet

More Decks by odorusatoshi

See All by odorusatoshi
入門 PEAK Threat Hunting @SECCON
Avatar for odorusatoshi odorusatoshi
0
350
AWS VPC Traffic Mirroringを使って​ Fraud監視をスタート!​
Avatar for odorusatoshi odorusatoshi
0
270
無償のセキュリティ神Apps10選
Avatar for odorusatoshi odorusatoshi
0
880
SplunkとThreat Hunting
Avatar for odorusatoshi odorusatoshi
1
1.5k
Splunking_webproxy
Avatar for odorusatoshi odorusatoshi
0
430
Splunking_ActiveDirectory
Avatar for odorusatoshi odorusatoshi
0
380
Splunking_fw_dns
Avatar for odorusatoshi odorusatoshi
0
570
Splunking_sysmon
Avatar for odorusatoshi odorusatoshi
0
510
Splunking_AWS_security
Avatar for odorusatoshi odorusatoshi
0
320

Other Decks in Technology

See All in Technology
Snowflake Intelligence × Document AIで“使いにくいデータ”を“使えるデータ”に
Avatar for Kosaku Ono kevinrobot34
1
130
開発者を支える Internal Developer Portal のイマとコレカラ / To-day and To-morrow of Internal Developer Portals: Supporting Developers
Avatar for Kento Kimura aoto
PRO
1
480
Wantedlyの開発組織における生成AIの浸透プロジェクトについて
Avatar for kojiro tominaga kotominaga
2
120
[ JAWS-UG 東京 CommunityBuilders Night #2 ]SlackとAmazon Q Developerで 運用効率化を模索する
Avatar for sh_fk2 sh_fk2
3
460
IoT x エッジAI - リアルタイ ムAI活用のPoCを今すぐ始め る方法 -
Avatar for niizawat niizawat
0
130
AIの最新技術&テーマをつまんで紹介&フリートークするシリーズ:はじめてのローカルLLM
Avatar for Shunsuke Tanaka stanaka26
0
110
Android Audio: Beyond Winning On It
Avatar for Atsushi Eno atsushieno
0
3.6k
下手な強制、ダメ!絶対! 「ガードレール」を「檻」にさせない"ガバナンス"の取り方とは?
Avatar for Masataka Tsukamoto tsukaman
2
460
AIエージェント開発用SDKとローカルLLMをLINE Botと組み合わせてみた / LINEを使ったLT大会 #14
Avatar for you(@youtoy) you
PRO
0
130
機械学習を扱うプラットフォーム開発と運用事例
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
0
690
Evolución del razonamiento matemático de GPT-4.1 a GPT-5 - Data Aventura Summit 2025 & VSCode DevDays
Avatar for Lautaro Carro lauchacarro
0
210
AI時代を生き抜くエンジニアキャリアの築き方 (AI-Native 時代、エンジニアという道は 「最大の挑戦の場」となる) / Building an Engineering Career to Thrive in the Age of AI (In the AI-Native Era, the Path of Engineering Becomes the Ultimate Arena of Challenge)
Avatar for JaeSoon Jeong jeongjaesoon
0
270

Featured

See All Featured
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
26
1.9k
Art, The Web, and Tiny UX
Avatar for Lynn Fisher lynnandtonic
303
21k
Improving Core Web Vitals using Speculation Rules API
Avatar for Sergey Chernyshev sergeychernyshev
18
1.1k
Typedesign – Prime Four
Avatar for Hannes Fritz hannesfritz
42
2.8k
A better future with KSS
Avatar for Kyle Neath kneath
239
17k
KATA
Avatar for Megan Lloyd mclloyd
32
14k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
35
3.1k
Producing Creativity
Avatar for Steve Smith orderedlist
PRO
347
40k
It's Worth the Effort
Avatar for 3n 3n
187
28k
Navigating Team Friction
Avatar for Lara Hogan lara
189
15k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
Avatar for Sam Stephenson sstephenson
162
15k
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
29
1.9k

Transcript

  1. © 2018 SPLUNK INC. © 2018 SPLUNK INC. Data Model

    Acceleration   Senior Sales Engineer 2019.07.06 Ver0.2

  2. © 2018 SPLUNK INC.     .C 

     @A024 # "$6     !E3 # # "$/;   =Authentication# *#+   # "$172 &+%-D 9B)8 &+% ?: (,$# "$/;5<4    ># "$Authentication'"$

  3. © 2018 SPLUNK INC.   Pivot# " $ (=)

    !

  4. © 2018 SPLUNK INC. ▶ ,4) • +4)4('#:6A<(&.(2@ -1(.tsidx*2)EC •

    -1indexbucket=?N  • -17;UQ> -1TRM J -1307;UPO • (&.(2$03!/4D@85 -1@#)3"LKG?(& .(29C@1%#FSHB ▶ I   • _raw .tsidx  ””         .'+*,.)- !&.#+(.!.$  

  5. © 2018 SPLUNK INC. :8'+(.tsidx%,)/= #!(#, *-).10 .tsidx2&.!64?> rawdata 

      5 <  3;"10 .tsidx2$-97 RawData          

  6. © 2018 SPLUNK INC.     #! "#!

       *%($# +) ($ . "'&0/  • 100% 21($ # +)  •  46.12MB- , !

  7. © 2018 SPLUNK INC.  VS  " 5/ #$-6

    0Authentication2 0Authentication!1'  +%)$  ,* )$2 (&43   19.202.  4.633.

  8. © 2018 SPLUNK INC. * '    @=+

    E/BC46'(Linuxwindows vpn )< %&+46?> &#<1  CIM;D Datamodel9, | datamodel *A+ !(3/246' Datamodel8 ) $  Datamodel *A+ %( :@+ *A(tstats) 8 )F | tstats !(3/246' Datamodel8 SPL !)  $  Datamodel *A+ %( :@+ Pivot-78 & #5. | pivot "-7 0 ,$( '#   "( ( ) I M f e f e fd C M d

  9. © 2018 SPLUNK INC. |datamodel     

      |datamodel Authentication search | search

  10. © 2018 SPLUNK INC. |tstats  Datamodel   

    |tstats summariesonly=true count from datamodel=Authentication groupby Authentication.user

  11. © 2018 SPLUNK INC. stats VS tstats VS tstats(summariesonly=t) Firewall

     !  • 0.299 • tstats summariesonly=t • ! $ • 4.239 • tstats summariesonly=f • #"_raw  • 28.966 • stats

  12. © 2018 SPLUNK INC. ▶ #& $"%!& *  https://docs.splunk.com/Documentation/Splunk/7.3.0/Knowledge/Aboutsummaryindex

    ing ▶ PIVOT vs DATAMODEL vs TSTATS (by Splunk Answers) https://answers.splunk.com/answers/330264/pivot-vs-datamodel-vs-tstats.html ▶   ' How Search Works - $$TSIDXTERM + () https://www.slideshare.net/takashikomatsubara50/how-search-works-tsidxterm