Using the coalesce Command
Data fields that have similar information can have different field names. While the Splunk Common Information Model (CIM) exists to address this type of situation,
Category: Search Command of the Week
Using the where Command
What is the Splunk where Command? The Splunk where command is one of several options used to filter search results. It uses eval-expressions that return
Using the strftime Command
One of the most important elements of indexing and searching for logs in Splunk is properly dealing with timestamps. Properly tracking time enables you to
Using the dedup Command
What is the Splunk dedup Command? The Splunk dedup command, short for “deduplication”, is an SPL command that eliminates duplicate values in fields, thereby reducing
Using the spath Command
Your dilemma: You have XML or JSON data indexed in Splunk as standard event-type data. Sure, you’d prefer to have brought it in as an
Makemv Command in Splunk: The Beginner’s Guide
Have you ever been stuck with a single field that needed to provide you with a little more… value? The makemv command adds that value.
Splunk eval Command: What It Is & How To Use It
Where to begin with Splunk eval search command… in its simplest form, eval command can calculate an expression and then applies the value to
Splunk Search Command of the Week: timechart
STATS commands are some of the most used commands in Splunk for good reason. They make pulling data from your Splunk environment quick and
Splunk STATS Command
Here’s the situation: You’re a security analyst that’s been tasked with finding different attacks on your servers. You need to find various events relating