top of page

Running Splunk Enterprise Security at Capacity with Data Model Acceleration

  • Writer: Gabriel Vasseur
    Gabriel Vasseur
  • Oct 31, 2017
  • 1 min read

Updated: Oct 19, 2021

Data models and especially their acceleration are often misunderstood by Splunk users. Yet they are absolutely critical, especially for Enterprise Security.


In 2017 I did a presentation at Splunk.conf that is still very relevant. It has the best (according to me) explanation of how data models work and it goes into details about their acceleration: how you can ensure acceleration works, how to make the most of it, and why you need it.


This presentation was one of the highest rated of conf17 and was on the landing page at conf.splunk.com after the conference:




I shared a couple of really useful dashboards here: https://bitbucket.org/GabrielVasseur/dm-dashboards/


I want to thank Kumar Sumeet, Splunk PS consultant at the time, for his help making sense of Splunk's data model acceleration.

Recent Posts

See All

Comments


©2021 by Gabriel Vasseur. Proudly created with Wix.com

bottom of page