Splunk Enterprise is a software platform that enables you to collect, index, and visualize machine-generated data gathered from different sources in your IT infrastructure. These sources can include applications, networking devices, host and application logs, mobile devices, and more.
It gives you real-time insight into what is happening and provides end-to-end visibility across your IT infrastructure to enable informed, data-driven decisions.
For more information about Splunk Enterprise, see Splunk Enterprise Overview.
Upon receiving data from a forwarder, the indexer parses the raw data into distinct events based on the timestamp of each event and writes them to the appropriate index. Splunk implements storage tiering of hot, warm, and cold buckets to optimize performance for newly indexed data and to provide an option to keep older data for longer periods on higher-capacity storage.
In this solution, hot and warm buckets reside on the SSD storage pool of PowerFlex rack and cold buckets are configured on PowerScale storage.
For more information about data ageing, see Managing Indexers and Clusters of Indexers.
Figure 2. Splunk storage tiering
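The tiering described above maps onto `indexes.conf` on each indexer roughly as follows. This is an added illustration, not configuration taken from this solution. The mount points, the index name `app_logs`, and all size and retention values are assumptions.

```ini
# indexes.conf (constructed example; paths, index name and limits are assumptions)

[volume:hotwarm]
# Assumed mount point of the PowerFlex SSD storage pool
path = /mnt/powerflex_ssd/splunk
# Cap on total bucket data stored under this volume
maxVolumeDataSizeMB = 1000000

[volume:cold]
# Assumed NFS mount of the PowerScale export
path = /mnt/powerscale/splunk
maxVolumeDataSizeMB = 10000000

[app_logs]
# homePath holds both hot and warm buckets
homePath = volume:hotwarm/app_logs/db
# Warm buckets roll to coldPath when the warm bucket count or the
# hot/warm volume size limit is exceeded
coldPath = volume:cold/app_logs/colddb
# thawedPath cannot be defined in terms of a volume
thawedPath = $SPLUNK_DB/app_logs/thaweddb
maxDataSize = auto_high_volume
maxWarmDBCount = 300
# Buckets whose newest event is older than this (365 days) are frozen,
# which deletes them unless an archive destination is configured
frozenTimePeriodInSecs = 31536000
```

If the index holds audit or security logs, size `frozenTimePeriodInSecs` and the cold volume limit against the retention period your investigations require, because frozen buckets are no longer searchable.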