Book Image

Mastering Splunk

By : James D. Miller
Book Image

Mastering Splunk

By: James D. Miller

Overview of this book

This book is for those Splunk developers who want to learn advanced strategies to deal with big data from an enterprise architectural perspective. You need to have good working knowledge of Splunk.
Table of Contents (13 chapters)
12
Index

Split


The Splunk configuration options that are available for split (row and column) depend on the type of attributes you choose for them.

Note

Some split configuration options are specific to either row or column elements, while others are available to either element type.

These configuration options, regardless of the attribute type, are as follows:

  • Both split row and split column:

    • Max rows and max columns: This is the maximum number of rows or columns that can appear in the results table

    • Totals: This will indicate whether to include a row or column that represents the total of all others in an attribute called ALL

  • Only split row elements:

    • Label: This is used to override the attribute name with a different text or character string

    • Sort: This is used to reorder the split rows

  • Only split column:

    • Group others: This indicates whether to group any results excluded by the max columns limit into a separate other column

Configuration options dependent on the attribute type are:

  • String attributes:

    • There...