Replicated copies of non-searchable data are smaller than copies of searchable data, because they include only the data and not the associated index files. So setting search factor to n-1 has a greater reduction.
TSIDX files are bigger than the raw data, so A is the correct answer.
If you reduce the number of searchable data copies you will have a greater impact on storage savings. We are assuming that the current search_factor=N and replication_factor=N.
IMHO the question is tricky and has a massive 'it depends' in it, but considering N could be any cluster size,
let's assume we have a requirement of 2 searchable copies and a replication factor of 4(=4x raw data distributed accross the nodes total)
and a cluster with 50 peer nodes => so you set it with
A) to 49(!) full sized searchable copies
D) to 49(!) smaller sized raw copies
in contrast "C) Decreasing the data model acceleration range." would actually DECREASE consumed storage
Replication factor (RF) is the number of copies of a bucket. Search factor (SF) is the number of those copies which are searchable. You can't search more copies than you have so SF must be less than or equal to RF. By reducing RF to N-1 you are automatically reducing the SF to N-1. So answer is D.
Architecting Splunk Enterprise Deployments, "Best Practice: Minimum (RF +1) peer nodes. You have a replication factor of 3, then you want 4 peer nodes, not one less.
Seems the question assumes SF is always smaller than RF, while RF in example in
https://docs.splunk.com/Documentation/Splunk/7.3.2/Indexer/Systemrequirements equal to cluster size, e.g.
3 peer nodes, with replication factor = 3; search factor = 2
5 peer nodes, with replication factor = 5; search factor = 3
In these cases, setting SF=N-1 will increase disk usage instead, while since RF=N in both cases, setting RF=N-1 will reduce disk usage.
Is that why having answer = D ?
Answer A seems correct as Replicated copies of non-searchable data are smaller than copies of searchable data, because they include only the data and not the associated index files.
Answer A seems correct as Replicated copies of non-searchable data are smaller than copies of searchable data, because they include only the data and not the associated index files.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Crash_Override
Highly Voted 3 years, 1 month ago62d8e4c
Most Recent 8 months agobobixaka
1 year, 2 months agoFreshLearn
1 year, 3 months ago_bert
1 year, 8 months agoSledge_Hammer
1 year, 11 months agoHarllen91
1 year, 10 months agostwong
2 years, 5 months agojavo_dlg
2 years, 7 months agoSplunkStreamer
2 years, 8 months agofrappe
2 years, 9 months agoRedYeti
2 years, 12 months agomanu78
4 years, 1 month agosunil299
4 years, 2 months ago