Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SplunkのData Model Accelerationは何故早いのか

Avatar for odorusatoshi odorusatoshi
September 02, 2019
Technology
1
1.6k

SplunkのData Model Accelerationは何故早いのか

Data Model Acceleration(データモデル高速化)の仕組みをご紹介。

Avatar for odorusatoshi

odorusatoshi

September 02, 2019
Tweet

More Decks by odorusatoshi

See All by odorusatoshi
入門 PEAK Threat Hunting @SECCON
Avatar for odorusatoshi odorusatoshi
0
440
AWS VPC Traffic Mirroringを使って​ Fraud監視をスタート!​
Avatar for odorusatoshi odorusatoshi
0
300
無償のセキュリティ神Apps10選
Avatar for odorusatoshi odorusatoshi
0
1.2k
SplunkとThreat Hunting
Avatar for odorusatoshi odorusatoshi
1
1.6k
Splunking_webproxy
Avatar for odorusatoshi odorusatoshi
0
450
Splunking_ActiveDirectory
Avatar for odorusatoshi odorusatoshi
0
400
Splunking_fw_dns
Avatar for odorusatoshi odorusatoshi
0
590
Splunking_sysmon
Avatar for odorusatoshi odorusatoshi
0
530
Splunking_AWS_security
Avatar for odorusatoshi odorusatoshi
0
330

Other Decks in Technology

See All in Technology
We Built for Predictability; The Workloads Didn’t Care
Avatar for Michael Stahnke stahnma
0
140
20260208_第66回 コンピュータビジョン勉強会
Avatar for KeiichiIto1978 keiichiito1978
0
190
GitHub Issue Templates + Coding Agentで簡単みんなでIaC/Easy IaC for Everyone with GitHub Issue Templates + Coding Agent
Avatar for AEON aeonpeople
1
260
SREチームをどう作り、どう育てるか ― Findy横断SREのマネジメント
Avatar for adachi.ryo rvirus0817
0
330
クレジットカード決済基盤を支えるSRE - 厳格な監査とSRE運用の両立 (SRE Kaigi 2026)
Avatar for capytan capytan
6
2.8k
生成AIと余白 〜開発スピードが向上した今、何に向き合う?〜
Avatar for KAKEHASHI kakehashi
PRO
0
110
ファインディの横断SREがTakumi byGMOと取り組む、セキュリティと開発スピードの両立
Avatar for adachi.ryo rvirus0817
1
1.6k
ClickHouseはどのように大規模データを活用したAIエージェントを全社展開しているのか
Avatar for Miki Matsumoto mikimatsumoto
0
260
Oracle Base Database Service 技術詳細
Avatar for oracle4engineer oracle4engineer
PRO
15
93k
15 years with Rails and DDD (AI Edition)
Avatar for Andrzej Krzywda andrzejkrzywda
0
200
学生・新卒・ジュニアから目指すSRE
Avatar for Hiroya Onoe hiroyaonoe
2
720
M&A 後の統合をどう進めるか ─ ナレッジワーク × Poetics が実践した組織とシステムの融合
Avatar for KNOWLEDGE WORK / 株式会社ナレッジワーク kworkdev
PRO
1
490

Featured

See All Featured
What’s in a name? Adding method to the madness
Avatar for The Alliance productmarketing
PRO
24
3.9k
Keith and Marios Guide to Fast Websites
Avatar for Keith Pitt keithpitt
413
23k
Lessons Learnt from Crawling 1000+ Websites
Avatar for Charles Meaden charlesmeaden
PRO
1
1.1k
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
273
27k
We Are The Robots
Avatar for Honza Javorek honzajavorek
0
170
How to audit for AI Accessibility on your Front & Back End
Avatar for davetheseo davetheseo
0
180
Applied NLP in the Age of Generative AI
Avatar for Ines Montani inesmontani
PRO
4
2.1k
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
333
22k
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
37
7.1k
Lightning talk: Run Django tests with GitHub Actions
Avatar for Sarah Abderemane sabderemane
0
120
Tips & Tricks on How to Get Your First Job In Tech
Avatar for Honza Javorek honzajavorek
0
440
Rebuilding a faster, lazier Slack
Avatar for samanthasiow samanthasiow
85
9.4k

Transcript

  1. © 2018 SPLUNK INC. © 2018 SPLUNK INC. Data Model

    Acceleration   Senior Sales Engineer 2019.07.06 Ver0.2

  2. © 2018 SPLUNK INC.     .C 

     @A024 # "$6     !E3 # # "$/;   =Authentication# *#+   # "$172 &+%-D 9B)8 &+% ?: (,$# "$/;5<4    ># "$Authentication'"$

  3. © 2018 SPLUNK INC.   Pivot# " $ (=)

    !

  4. © 2018 SPLUNK INC. ▶ ,4) • +4)4('#:6A<(&.(2@ -1(.tsidx*2)EC •

    -1indexbucket=?N  • -17;UQ> -1TRM J -1307;UPO • (&.(2$03!/4D@85 -1@#)3"LKG?(& .(29C@1%#FSHB ▶ I   • _raw .tsidx  ””         .'+*,.)- !&.#+(.!.$  

  5. © 2018 SPLUNK INC. :8'+(.tsidx%,)/= #!(#, *-).10 .tsidx2&.!64?> rawdata 

      5 <  3;"10 .tsidx2$-97 RawData          

  6. © 2018 SPLUNK INC.     #! "#!

       *%($# +) ($ . "'&0/  • 100% 21($ # +)  •  46.12MB- , !

  7. © 2018 SPLUNK INC.  VS  " 5/ #$-6

    0Authentication2 0Authentication!1'  +%)$  ,* )$2 (&43   19.202.  4.633.

  8. © 2018 SPLUNK INC. * '    @=+

    E/BC46'(Linuxwindows vpn )< %&+46?> &#<1  CIM;D Datamodel9, | datamodel *A+ !(3/246' Datamodel8 ) $  Datamodel *A+ %( :@+ *A(tstats) 8 )F | tstats !(3/246' Datamodel8 SPL !)  $  Datamodel *A+ %( :@+ Pivot-78 & #5. | pivot "-7 0 ,$( '#   "( ( ) I M f e f e fd C M d

  9. © 2018 SPLUNK INC. |datamodel     

      |datamodel Authentication search | search

  10. © 2018 SPLUNK INC. |tstats  Datamodel   

    |tstats summariesonly=true count from datamodel=Authentication groupby Authentication.user

  11. © 2018 SPLUNK INC. stats VS tstats VS tstats(summariesonly=t) Firewall

     !  • 0.299 • tstats summariesonly=t • ! $ • 4.239 • tstats summariesonly=f • #"_raw  • 28.966 • stats

  12. © 2018 SPLUNK INC. ▶ #& $"%!& *  https://docs.splunk.com/Documentation/Splunk/7.3.0/Knowledge/Aboutsummaryindex

    ing ▶ PIVOT vs DATAMODEL vs TSTATS (by Splunk Answers) https://answers.splunk.com/answers/330264/pivot-vs-datamodel-vs-tstats.html ▶   ' How Search Works - $$TSIDXTERM + () https://www.slideshare.net/takashikomatsubara50/how-search-works-tsidxterm