![]() Perform calculations on the smallest amount of data. ![]() Here’s a real-life example of how impactful using the fields command can be. Whenever possible, try using the fields command right after the first pipe of your SPL as shown below. While this does cut down on the number of events (vertical) that are retrieved, you should also focus on cutting down the number of fields (horizontal) that are retrieved.īy using the fields streaming command early on within your SPL, you not only lower the amount of data being pulled from the indexers, but also the amount that has to be transferred to and processed by the search head. To lower the amount of data coming back from the indexers, many articles recommend filtering your data early on.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |