Hi All,
We are working on a clustered environment where Splunk is fetching logs from various servers. On the source server we have set up a Splunk heavyweight forwarder, which forwards the data to the load-balanced HWF and then to the indexers.
Now the issue we face is that our logs are in nested JSON / unstructured format and are of huge volume. This is making the searches too slow and causing them to crash.
We have tried index-time extractions, but that is also slower due to the volume.
Could you please suggest a workaround for this?
TIA