Request for improvement
Paul Schmehl
pschmehl_lists at tx.rr.com
Wed Oct 24 10:36:11 EDT 2012
--On October 22, 2012 4:22:50 PM -0400 Carter Bullard <carter at qosient.com>
wrote:
>
> If you would like to use the fastest time based searches, you should use
> rasqltimeindex() to index
> your files based on seconds, and then use rasql() to find the records.
> See the manpage for rasqltimeindex.
> Once you run rasqltimeindex(), you will find a " Seconds " table in your
> database, with this schema:
>
There is no manpage because, unfortunately, the FreeBSD port doesn't build
rasqltimeindex and install it. {{sigh}}
Looks like I have more work to do....
Is there any reason you don't use INET_ATON() in your INSERTS? Seems like
that would be useful.
I'm going to play around with the code some and see what I can do.
One day's worth of our data (in the db - no payloads) is 9.1GB and the
rasqlinsert creates over 120 million rows. Without indexing that will be a
joke to query. Just getting a count of the rows takes over 2 minutes.
--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson
"There are some ideas so wrong that only a very
intelligent person could believe in them." George Orwell
More information about the argus
mailing list