Using the map Command
When it comes to correlating information in searches to uncover unique patterns, there are several Splunk commands are commonly employed. For instance, you might opt
Tag: Splunk
Storing Event Data Into Metrics Indexes
This article is split into a nine part series to improve readability – this third installment in the series covers how to store event data
Creating Metrics Indexes
This topic is split into a nine-part series to improve readability – this second installment covers how to create a metrics index. Parts 1-3 of
Events vs Metrics Indexes
This topic is split into a nine-part series to improve readability – this is the first installment in the series. Parts 1-3 of this series
Using the mvjoin Command
Data that has multiple values in a single field can be difficult to view in a report. Using the mvjoin command from Splunk’s Search Processing
Using the coalesce Command
Data fields that have similar information can have different field names. While the Splunk Common Information Model (CIM) exists to address this type of situation,
Using the where Command
What is the Splunk where Command? The Splunk where command is one of several options used to filter search results. It uses eval-expressions that return
Using the strftime Command
One of the most important elements of indexing and searching for logs in Splunk is properly dealing with timestamps. Properly tracking time enables you to
Using the spath Command
Your dilemma: You have XML or JSON data indexed in Splunk as standard event-type data. Sure, you’d prefer to have brought it in as an
Preparing for Splunk Certifications
When it comes to preparing for Splunk Certification exams, there are two questions I see in the Splunk community this post will address: “I’m going