[sleuthkit-users] Autopsy: Solr or Elastic?
From: Brian C. <ca...@sl...> - 2016-11-03 13:35:35
As mentioned last week at OSDFCon, we are undertaking an effort right now to reexamine keyword searching in Autopsy. We built it with an old version of Solr 5 years ago and a lot has changed. One of the things that we are looking into is if we should change to Elastic. We are making a proof of concept system that uses it to evaluate its performance and such compared to the latest Solr.

We are looking for feedback from people who have a strong opinion about this. As of right now, it isn’t clear what we gain by moving to Elastic (and some say we’ll get a performance decrease from it during ingest for standalone deployments) for the current Autopsy features (text search). But, there is a theory that if we put more data into the index (times and other metadata) that other module writers could do some cool stuff with it (though that data is already in the SQLite database).

Basic question is: if we simply upgrade to Solr 6 and make some schema changes to take advantage of new features, who would be sad that we didn’t jump to Elastic and why?

brian