Book Image

Splunk Essentials - Second Edition

By : Betsy Page Sigman, Erickson Delgado
Book Image

Splunk Essentials - Second Edition

By: Betsy Page Sigman, Erickson Delgado

Overview of this book

Splunk is a search, analysis, and reporting platform for machine data, which has a high adoption on the market. More and more organizations want to adopt Splunk to use their data to make informed decisions. This book is for anyone who wants to manage data with Splunk. You’ll start with very basics of Splunk— installing Splunk—and then move on to searching machine data with Splunk. You will gather data from different sources, isolate them by indexes, classify them into source types, and tag them with the essential fields. After this, you will learn to create various reports, XML forms, and alerts. You will then continue using the Pivot Model to transform the data models into visualization. You will also explore visualization with D3 in Splunk. Finally you’ll be provided with some real-world best practices in using Splunk.
Table of Contents (15 chapters)
Splunk Essentials Second Edition
Credits
About the Authors
About the Reviewer
www.PacktPub.com
Preface

Advanced queries


There are various kinds of advanced query that you may want to consider as you plan out how you will create searches and dashboards for your data. Consider the ones that we present, for they will help you design queries that are more efficient and cost effective.

Subsearch

A subsearch is a search within a search. If your main search requires data as a result of another search, then you can use Splunk's subsearch capability to achieve it. Say you want to find statistics about the server that generates the most 500 errors. A 500 error is a general HTTP status code that means that something has gone wrong with the server, but it doesn't know specifically at this particular time what is wrong. Obviously, if you are responsible for running a website, you want to pay close attention to 500 errors and where they are coming from. You can achieve your goal of finding the culprit server with two searches.

The first search, shown next, will return the server address with the most 500...