Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥

SplunkのData Model Accelerationは何故早いのか

Avatar for odorusatoshi odorusatoshi
September 02, 2019
Technology
1
1.5k

SplunkのData Model Accelerationは何故早いのか

Data Model Acceleration(データモデル高速化)の仕組みをご紹介。

Avatar for odorusatoshi

odorusatoshi

September 02, 2019
Tweet

More Decks by odorusatoshi

See All by odorusatoshi
入門 PEAK Threat Hunting @SECCON
Avatar for odorusatoshi odorusatoshi
0
390
AWS VPC Traffic Mirroringを使って​ Fraud監視をスタート!​
Avatar for odorusatoshi odorusatoshi
0
280
無償のセキュリティ神Apps10選
Avatar for odorusatoshi odorusatoshi
0
1.1k
SplunkとThreat Hunting
Avatar for odorusatoshi odorusatoshi
1
1.6k
Splunking_webproxy
Avatar for odorusatoshi odorusatoshi
0
440
Splunking_ActiveDirectory
Avatar for odorusatoshi odorusatoshi
0
390
Splunking_fw_dns
Avatar for odorusatoshi odorusatoshi
0
580
Splunking_sysmon
Avatar for odorusatoshi odorusatoshi
0
530
Splunking_AWS_security
Avatar for odorusatoshi odorusatoshi
0
330

Other Decks in Technology

See All in Technology
AWSインフルエンサーへの道 / load of AWS Influencer
Avatar for WHIsaiyo whisaiyo
0
190
【開発を止めるな】機能追加と並行して進めるアーキテクチャ改善/Keep Shipping: Architecture Improvements Without Pausing Dev
Avatar for 株式会社ビットキー / Bitkey Inc. bitkey
PRO
1
100
Entity Framework Core におけるIN句クエリ最適化について
Avatar for tkym htkym
0
100
AI との良い付き合い方を僕らは誰も知らない
Avatar for Asei Sugiyama asei
0
210
ActiveJobUpdates
Avatar for Kuniaki IGARASHI igaiga
1
290
MLflowダイエット大作戦
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
1
160
Oracle Database@Azure:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
2
170
フィッシュボウルのやり方 / How to do a fishbowl
Avatar for Pauli pauli
2
340
通勤手当申請チェックエージェント開発のリアル
Avatar for WHIsaiyo whisaiyo
3
330
AgentCore BrowserとClaude Codeスキルを活用した 『初手AI』を実現する業務自動化AIエージェント基盤
Avatar for Hirokatsu Endo ruzia
7
800
高度サイバー人材育成専科資料(前半)
Avatar for Nomizo Nomizo nomizone
0
400
Strands AgentsとNova 2 SonicでS2Sを実践してみた
Avatar for Yuuki Yamashita yama3133
1
1.5k

Featured

See All Featured
Embracing the Ebb and Flow
Avatar for Simon Collison colly
88
4.9k
Automating Front-end Workflow
Avatar for Addy Osmani addyosmani
1371
200k
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
Avatar for Beat Signer signer
PRO
0
3.1k
Everyday Curiosity
Avatar for Cassini Nazir cassininazir
0
110
Jess Joyce - The Pitfalls of Following Frameworks
Avatar for Tech SEO Connect techseoconnect
PRO
1
23
30 Presentation Tips
Avatar for Ian Lurie portentint
PRO
1
170
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
Avatar for Kevin Liebholz kevinliebholz
37
6.2k
技術選定の審美眼(2025年版) / Understanding the Spiral of Technologies 2025 edition
Avatar for Takuto Wada twada
PRO
115
91k
ラッコキーワード サービス紹介資料
Avatar for ラッコ株式会社 rakko
0
1.7M
How Fast Is Fast Enough? [PerfNow 2025]
Avatar for Tammy Everts tammyeverts
3
400
VelocityConf: Rendering Performance Case Studies
Avatar for Addy Osmani addyosmani
333
24k
Chasing Engaging Ingredients in Design
Avatar for Sebastian Deterding codingconduct
0
77

Transcript

  1. © 2018 SPLUNK INC. © 2018 SPLUNK INC. Data Model

    Acceleration   Senior Sales Engineer 2019.07.06 Ver0.2

  2. © 2018 SPLUNK INC.     .C 

     @A024 # "$6     !E3 # # "$/;   =Authentication# *#+   # "$172 &+%-D 9B)8 &+% ?: (,$# "$/;5<4    ># "$Authentication'"$

  3. © 2018 SPLUNK INC.   Pivot# " $ (=)

    !

  4. © 2018 SPLUNK INC. ▶ ,4) • +4)4('#:6A<(&.(2@ -1(.tsidx*2)EC •

    -1indexbucket=?N  • -17;UQ> -1TRM J -1307;UPO • (&.(2$03!/4D@85 -1@#)3"LKG?(& .(29C@1%#FSHB ▶ I   • _raw .tsidx  ””         .'+*,.)- !&.#+(.!.$  

  5. © 2018 SPLUNK INC. :8'+(.tsidx%,)/= #!(#, *-).10 .tsidx2&.!64?> rawdata 

      5 <  3;"10 .tsidx2$-97 RawData          

  6. © 2018 SPLUNK INC.     #! "#!

       *%($# +) ($ . "'&0/  • 100% 21($ # +)  •  46.12MB- , !

  7. © 2018 SPLUNK INC.  VS  " 5/ #$-6

    0Authentication2 0Authentication!1'  +%)$  ,* )$2 (&43   19.202.  4.633.

  8. © 2018 SPLUNK INC. * '    @=+

    E/BC46'(Linuxwindows vpn )< %&+46?> &#<1  CIM;D Datamodel9, | datamodel *A+ !(3/246' Datamodel8 ) $  Datamodel *A+ %( :@+ *A(tstats) 8 )F | tstats !(3/246' Datamodel8 SPL !)  $  Datamodel *A+ %( :@+ Pivot-78 & #5. | pivot "-7 0 ,$( '#   "( ( ) I M f e f e fd C M d

  9. © 2018 SPLUNK INC. |datamodel     

      |datamodel Authentication search | search

  10. © 2018 SPLUNK INC. |tstats  Datamodel   

    |tstats summariesonly=true count from datamodel=Authentication groupby Authentication.user

  11. © 2018 SPLUNK INC. stats VS tstats VS tstats(summariesonly=t) Firewall

     !  • 0.299 • tstats summariesonly=t • ! $ • 4.239 • tstats summariesonly=f • #"_raw  • 28.966 • stats

  12. © 2018 SPLUNK INC. ▶ #& $"%!& *  https://docs.splunk.com/Documentation/Splunk/7.3.0/Knowledge/Aboutsummaryindex

    ing ▶ PIVOT vs DATAMODEL vs TSTATS (by Splunk Answers) https://answers.splunk.com/answers/330264/pivot-vs-datamodel-vs-tstats.html ▶   ' How Search Works - $$TSIDXTERM + () https://www.slideshare.net/takashikomatsubara50/how-search-works-tsidxterm