Index

A

• acceptance testing
  • about / Acceptance testing
• access control
  • implementing / Confidentiality and security
• Active Directory
  • monitoring / Monitoring
  • about / Windows inputs in Splunk
• administrative CLI commands
  • used, for deleting indexed data / Administrative CLI commands
• administrator, Splunk
  • about / Administrator
• advanced monitoring
  • about / Advanced monitoring
• alerts
  • about / Alerting, All about alerts
  • configuring / Alerting
  • configuring, as real-time alerts / Alerting
  • configuring, as historical alerts / Alerting
  • configuring, as rolling time-frame alerts / Alerting
  • creating / Alerting a quick startup
  • creating, based on scheduled searches / You can't do that
  • editing / Editing alerts
  • description, editing / Editing the description
  • permissions, editing / Editing permissions
  • alert type, editing / Editing the alert type and trigger
  • trigger, editing / Editing the alert type and trigger
  • actions, editing / Editing actions
  • disabling / Disabling alerts
  • cloning / Cloning alerts
  • deleting / Deleting alerts
• alerts, actions
  • enabling / Setting enabling actions
  • triggered alerts, listing / Listing triggered alerts
  • e-mails, sending / Sending e-mails
  • script, executing / Running a script
  • When triggered, execute actions option / Action options – when triggered, execute actions
  • throttling / Throttling
• alerts, types
  • continuous every time result alerts / All about alerts
  • continuous over time result alerts / All about alerts
  • historical rolling time result alerts / All about alerts
• app development
  • considerations / Preparation for app development
  • beginning / Beginning Splunk app development
  • app's workspace, creating / Creating the app's workspace
  • configurations, adding / Adding configurations
  • app.conf file, creating / The app.conf file
  • icon, adding / Giving your app an icon
  • other configurations / Other configurations
  • app objects, creating / Creating the app objects
  • navigation, building / Building navigations
  • apps, packaging for deployment / Packaging apps for deployment
• application program interfaces (APIs)
  • about / The complements of Splunk
• applications programming interface (API) / Searching with parameters
• app objects
  • creating / Creating the app objects
  • event types / Creating the app objects
  • fields / Creating the app objects
  • tags / Creating the app objects
  • views / Creating the app objects
  • ownership, setting / Setting the ownership
  • app's permissions, setting / Setting the app's permissions
  • apps permissions, setting with default.meta file / Another approach to permissions
  • object type / Another approach to permissions
  • object name / Another approach to permissions
  • default.meta example / A default.meta example
• apps
  • about / Basic applications, More about apps, Apps
  • app list / The app list
  • knowledge object / More about apps
  • add-ons / Add-ons
  • viewing, Splunk Web used / Splunk Web
  • installing / Installing an app
  • removing / Disabling and removing a Splunk app
  • disabling / Disabling and removing a Splunk app
  • characteristics / App FAQs
  • using / Can I use apps?
  • testing / Testing before sharing
• architect, Splunk
  • about / Architect
• architecture, Splunk
  • about / The Splunk architecture
• automatic lookups
  • about / Automatic lookups
  • Add new page / The Add new page

B

• best practices, Splunk / Best practices
• big data
  • about / The evolution of Splunk
• Boolean expressions
  • using / Boolean expressions
  • AND operator / Boolean expressions
  • OR operator / Boolean expressions
  • NOT operator / Boolean expressions
• bucket
  • about / Index composition, Bucket types
• bucketing
  • about / Splunk bucketing
  • timechart command, using / Reporting using the timechart command
• bucket time spans
  • versus per_* functions / Bucket time spans versus per_* functions
• bucket types
  • used, for setting index sizes / Bucket types
• business intelligence (BI)
  • about / The evolution of Splunk

C

• cell drilldown
  • about / Cell drilldowns
• certifications, Splunk
  • knowledge manager / Knowledge manager
  • administrator / Administrator
  • architect / Architect
  • supplemental certifications / Supplemental certifications
• chart command
  • about / The chart command
  • aggregator argument / The chart command
  • sparkline-agg-term argument / The chart command
  • eval-expression argument / The chart command
• chart drilldowns
  • about / Chart drilldowns
• charts
  • about / Tables, charts, and fields, Returning search results as charts
  • chart command / The chart command
  • split-by fields / The split-by fields
  • where clause / The where clause
  • examples / More visualization examples
  • additional functions / Some additional functions
• clean command
  • about / Deleting data
  • used, for deleting indexed data / The clean command
• clusters
  • about / Indexes, indexers, and clusters
  • nodes / Indexes, indexers, and clusters
• CMM
  • about / A structured approach
• CMM, notions
  • key process areas or KPAs / A structured approach
  • goals / A structured approach
  • common features / A structured approach
  • key practices / A structured approach
  • maturity levels / A structured approach
• CMM, visionary phases
  • just started / A structured approach
  • repeatable / A structured approach
  • defined / A structured approach
  • managed / A structured approach
  • optimizing / A structured approach
• column values
  • about / Column values
• command-line interface (CLI)
  • about / Investigational searching
• command formats
  • searching / Searching for operators, command formats, and tags
• Common Information Model (CIM)
  • about / Add-ons, Splunk's Common Information Model
• component interface testing (CIT)
  • about / Component interface testing
• concurrency command
  • about / Concurrent events
  • duration field / Concurrent events
  • start field / Concurrent events
  • output field / Concurrent events
• concurrent events
  • about / Concurrent events
  • example / Examples of concurrency command use
• confidentiality, Splunk
  • about / Confidentiality and security
• configuration, indexes
  • about / Configuring indexes
• configuration, Splunk
  • about / Installation and configuration
• configuration files
  • about / Configuration files, Transactions and transaction types
  • used, for implementing field lookup / Implementing a lookup using configuration files – an example
  • using, instead of Splunk Web / Using configuration files instead of Splunk Web
• configuriation, transaction types / Configuring transaction types
• custom apps
  • building / BYO or build your own apps
  • URL, for uploading / BYO or build your own apps
• Customer Relationship Management (CRM)
  • about / Customer Relationship Management
• custom indexes
  • using / Using your new indexes
• customization, user interface (UI)
  • dashboards / The end-to-end customization of Splunk
  • form search / The end-to-end customization of Splunk
  • advanced views / The end-to-end customization of Splunk

D

• Dashboard Editor
  • used, for creating dashboards / Going back to dashboards
  • about / Let's walk through the Dashboard Editor
• dashboard panel
  • visualizations, specifying / Specifying visualizations for the dashboard panel
  • time range picker / The time range picker
  • used, for searching / More on searching
  • inline search / Inline searches
• dashboards
  • creating / Creating effective dashboards
  • views / Views
  • panels / Panels
  • modules / Modules
  • search form / Form searching
  • versus forms / Dashboards versus forms
  • creating, Dashboard Editor used / Going back to dashboards
  • Panel Editor / The Panel Editor
  • Visualization Editor / The Visualization Editor
  • Dashboard Editor / Let's walk through the Dashboard Editor
  • constructing / Constructing a dashboard
  • framework, constructing / Constructing the framework
  • panels, adding / Adding panels and panel content, Adding a panel, Adding panels to your dashboard
  • panel content, adding / Adding panels and panel content
  • access, controlling / Controlling access to your dashboard
  • cloning / Cloning and deleting
  • deleting / Cloning and deleting
  • context, selecting / Keeping in context
  • customization / Some further customization
  • panels, using / Using panels
  • panels, editing / Adding and editing dashboard panels
  • visualization / Visualize this!
  • real-time solutions / Real-world, real-time solutions
  • real-world solutions / Real-world, real-time solutions
• data
  • interpreting, with Splunk knowledge / Data interpretation
  • classifying, with Splunk knowledge / Classification of data
  • enriching, with Splunk knowledge / Data enrichment
  • normalizing, with Splunk knowledge / Normalization
  • modeling, with Splunk knowledge / Modeling
• data inputs, for monitoring
  • Splunk Web / Splunk Web
  • Splunk CLI / Splunk CLI
  • Splunk configuration files / Splunk configuration files
  • apps / Apps
• data location
  • about / Location, location, location
• data sources, Splunk
  • files and/or directories / Universal file handling
  • network events / Universal file handling
  • Windows sources / Universal file handling
  • other sources / Universal file handling
• dedup command
  • used, for handling duplicates / Handling duplicates with dedup
• default fields
  • about / Transactions and transaction types
• default indexes
  • about / Default indexes
  • Main (main) / Default indexes
  • Internal (_internal) / Default indexes
  • Audit (_audit) / Default indexes
• delete operator
  • about / Deleting Splunk events
  • using / Deleting data
• dense searches
  • versus sparse searches / Understanding the difference between sparse and dense
• disaster recovery (DR)
  • about / Disaster recovery
• documentation, naming conventions
  • developing / Naming conventions for documentation
  • developing, for knowledge objects / Developing naming conventions for knowledge objects
  • organizing / Organized naming conventions
  • object naming conventions / Object naming conventions
  • hints / Hints
  • example / An example of naming conventions
  • Common Information Model (CIM) / Splunk's Common Information Model
• documentation, Splunk
  • about / The Splunk documentation
• drilldowns
  • about / Drilldowns
  • options / The drilldown options
  • functionality / The basic drilldown functionality
  • row drilldown / Row drilldowns
  • cell drilldown / Cell drilldowns
  • chart drilldowns / Chart drilldowns
  • legends / Legends
• drilldowns, options
  • Row / The drilldown options
  • Cell / The drilldown options
  • None (off) / The drilldown options
• DSS
  • about / Decision support – analysis in real time
  • ETL analytics / ETL analytics and preconceptions
  • preconceptions / ETL analytics and preconceptions
  • ODBC / ODBC
• dynamic drilldowns
  • about / Dynamic drilldowns
  • implementing / The essentials
  • example / Examples
  • disabling / No drilldowns
• dynamic lookups / Dynamic lookups

E

• enterprise data warehouses (EDW)
  • about / The complements of Splunk
• enterprise vision, Splunk
  • about / The enterprise vision
  • evaluation / Evaluation and implementation
  • implementation / Evaluation and implementation
  • building / Build, use, and repeat
  • using / Build, use, and repeat
  • repeating / Build, use, and repeat
  • management / Management and optimization
  • optimization / Management and optimization
  • developing / More on the vision
  • structured approach / A structured approach
  • search engine / Splunk – all you need for a search engine
• escapes
  • using / You can quote me, I'm escaping
• eval statement
  • using / The eval statement
  • example / A simple example
• eval statement, parameters
  • eval-field / The eval statement
  • eval-expression / The eval statement
• event correlation
  • about / Grouping – event grouping and correlation
• event data
  • about / Transactions and transaction types
• event processing
  • about / Event processing
  • parsing / Parsing
  • indexing / Indexing
• events
  • sending, to be indexed / Sending all events to be indexed
  • deleting / Deleting Splunk events
• event timeline
  • used, for investigational searching / The event timeline
• examples, naming conventions
  • user group / An example of naming conventions
  • type / An example of naming conventions
  • platform / An example of naming conventions
  • category / An example of naming conventions
  • interval / An example of naming conventions
  • explanation / An example of naming conventions
• expiration, Splunk
  • about / Expiration
• extended functionalities, Splunk
  • about / Extended functionalities
  • Splunk acceleration / Splunk acceleration
  • expiration / Expiration
  • summary indexing / Summary indexing
• external lookup
  • example / External lookups

F

• features, indexes
  • index names / Important details about indexes
  • path locations / Important details about indexes
  • max sizes / Important details about indexes
  • frozen archive path / Important details about indexes
• field lookup
  • configuring / Configuring a simple field lookup
  • defining, in Splunk Web / Defining lookups in Splunk Web
  • automatic lookups / Automatic lookups
  • configuration files / Configuration files
  • implementing, configuration files used / Implementing a lookup using configuration files – an example
  • tables, populating / Populating lookup tables
  • duplicates, handling with dedup command / Handling duplicates with dedup
  • dynamic lookups / Dynamic lookups
  • Splunk Web, using / Using Splunk Web
  • configuration files, using instead of Splunk Web / Using configuration files instead of Splunk Web
  • time-based lookup / Time-based lookups
  • duplicate table names, preventing / Seeing double?
• field lookup tables
  • populating / Populating lookup tables
• fields
  • about / Tables, charts, and fields, Fields, Transactions and transaction types
  • index field / Fields
  • linecount field / Fields
• fields command
  • about / Splunking into tables, Fields
  • example / An example of the fields command
• file
  • handling, in Splunk / Universal file handling
• files and directories
  • monitoring / Monitoring
• form
  • searching / Form searching
• format command
  • about / Output settings for subsearches
• forms
  • versus dashboards / Dashboards versus forms
• forwarders
  • about / What to monitor
  • leveraging / Leveraging your forwarders

G

• Geographical Information Systems (GIS)
  • about / Geographical Information Systems

H

• Hadoop Distributed File System (HDFS)
  • about / Hadoop technologies
• Hadoop technologies
  • about / Hadoop technologies
• historical alerts
  • about / Alerting
• Hunk
  • about / Hadoop technologies

I

• index-by-index attributes
  • used, for setting index sizes / Index-by-index attributes
• index database
  • moving / Moving your index database
• indexed data
  • deleting / Deleting your indexes and indexed data, Deleting data
  • deleting, administrative CLI commands used / Administrative CLI commands
  • deleting, clean command used / The clean command
  • deleting, entirely / Deleting an index
  • disabling / Disabling an index
  • retirements / Retirements
• indexers
  • about / What is a Splunk index?, Indexes, indexers, and clusters
• indexes
  • about / What is a Splunk index?, Indexes, indexers, and clusters
  • reference link / What is a Splunk index?
  • event processing / Event processing
  • composition / Index composition
  • default indexes / Default indexes
  • managing / Managing Splunk indexes
  • working with / Getting started
  • creating / Creating and editing Splunk indexes
  • editing / Creating and editing Splunk indexes
  • features / Important details about indexes
  • deleting / Deleting your indexes and indexed data
  • Splunk events, deleting / Deleting Splunk events
  • specific events, deleting / Not all events!
  • configuring / Configuring indexes
  • spreading out / Spreading out your Splunk index
  • sizing / Size matters
• indexes, composition
  • raw files / Index composition
  • index files / Index composition
• indexes.conf file
  • editing / Editing the indexes.conf file
• indexes.conf file, attributes
  • homePath / Configuring indexes
  • coldPath / Configuring indexes
  • thawedPath / Configuring indexes
  • maxHotBuckets / Configuring indexes
  • maxWarmDBCount / Configuring indexes
  • maxTotalDataSizeMB / Configuring indexes
  • frozenTimePeriodInSecs / Configuring indexes
  • coldToFrozenScript / Configuring indexes
• indexing
  • about / The importance of indexing
  • importance / The importance of indexing
  • other methods / Other indexing methods
  • indexes.conf file, editing / Editing the indexes.conf file
• index management
  • tasks / Getting started
• index space
  • managing / Hitting the limits
  • setting / Setting your own minimum free disk space
• inline search, dashboard panel
  • about / Inline searches
  • saved search report / A saved search report
  • inline pivot / The inline pivot
  • saved pivot report / The saved pivot report
• inputcsv command / The inputcsv and outputcsv commands
• inputlookup command / The inputlookup and outputlookup commands
• inputs.conf file
  • about / Splunk configuration files
• installation, apps
  • about / Installing an app
• installation, Splunk
  • about / Keeping it simple, Installation and configuration, Installation
  • Splunkd / Installation
  • Splunk Web / Installation
  • Splunk home / Splunk home
• installation, Splunk Deployment Monitor
  • about / Let's Install!
• integration testing
  • about / Integration testing
• International Data Corporation (IDC)
  • about / The evolution of Splunk
• investigational searching
  • about / Investigational searching
  • with pivot / Searching with pivot
  • with event timeline / The event timeline

K

• key performance indicators (KPIs)
  • about / The Splunk approach
• knowledgeable optimizations (KO)
  • about / Understanding the difference between sparse and dense
• knowledge management
  • about / Knowledge management, Strategic knowledge management
  • example / Some working examples
• knowledge management, prerequisites
  • apps / Strategic knowledge management
  • configuration files / Strategic knowledge management
  • indexing / Strategic knowledge management
  • data inputs / Strategic knowledge management
  • forwarders / Strategic knowledge management
  • receivers / Strategic knowledge management
  • event processing / Strategic knowledge management
  • default fields / Strategic knowledge management
  • roles and users / Strategic knowledge management
• knowledge manager
  • about / Knowledge manager
• knowledge object
  • about / More about apps
  • testing / Testing
• Komodo Edit
  • about / Preparation for app development
  • URL / Preparation for app development

L

• learning environment, Splunk
  • about / An environment to learn in
• legends, drilldowns
  • about / Legends
• limits.conf file
  • about / Limits
• lookup command
  • about / The lookup command
• lookups
  • about / Introduction

M

• macros
  • about / Splunk macros, Transactions and macro searches
  • defining / Splunk macros
  • creating / Creating your own macro
  • using / Using your macros
  • limitations / The limitations of Splunk
• master node
  • about / Indexes, indexers, and clusters
• Mobile Device Management (MDM)
  • about / Mobile Device Management
• modules, dashboards
  • about / Modules
• Module System
  • about / Modules
• monitoring
  • with Splunk / Monitoring, What to monitor
  • recipes / Recipes
  • categories / Monitoring categories
  • custom data, specifying / Custom data
  • input source type, assigning / Input typing
• monitoring, methodology
  • requirements / Getting started with monitoring
  • test indexing / Getting started with monitoring
  • data preview / Getting started with monitoring
  • search / Getting started with monitoring
  • tweak events / Getting started with monitoring
  • process, starting again / Getting started with monitoring
  • implementing / Getting started with monitoring
• MS Windows event logs
  • monitoring / Monitoring
• multiple indexes
  • dealing with / Dealing with multiple indexes
  • reasons / Reasons for multiple indexes
  • custom indexes, using / Using your new indexes
  • events, sending to be indexed / Sending all events to be indexed
  • specific events, sending / Sending specific events
• multiple indexes, reasons
  • security / Reasons for multiple indexes
  • retention / Reasons for multiple indexes
  • performance / Reasons for multiple indexes

N

• navigation, apps
  • building / Building navigations
  • adjusting / Let's adjust the navigation
  • default.xml file, using / Using the default.xml file rather than Splunk Web
  • app setup, creating / Creating an app setup and deployment
  • app deployment, creating / Creating an app setup and deployment
  • setup screen, creating / Creating a setup screen
  • XML syntax, using / The XML syntax used
• navigation bar
  • adding / Dashboards and the navigation bar
  • coloring / Color my world
• new search dashboard
  • about / The new search dashboard
• nodes, cluster
  • master node / Indexes, indexers, and clusters
  • peer nodes / Indexes, indexers, and clusters
  • search heads / Indexes, indexers, and clusters
• nonstreaming commands
  • about / The breakdown of commands
• NoSQL
  • about / The Splunk approach

O

• object management
  • with knowledge management / Splunk object management with knowledge management
• ODBC
  • about / ODBC
• operational intelligence (OI)
  • about / Universal file handling, Operational intelligence
• operators
  • searching / Searching for operators, command formats, and tags
• organization, knowledge management
  • simple inventory / Splunk object management with knowledge management
  • organization / Splunk object management with knowledge management
  • data normalization / Splunk object management with knowledge management
  • configuration files / Splunk object management with knowledge management
  • data modeling / Splunk object management with knowledge management
  • performance management / Splunk object management with knowledge management
• outputcsv command / The inputcsv and outputcsv commands
• outputlookup command / The inputlookup and outputlookup commands

P

• Panel Editor
  • about / The Panel Editor
• panels, dashboards
  • about / Panels
  • adding / Adding panels and panel content, Adding a panel, Adding panels to your dashboard
  • using / Using panels
  • editing / Adding and editing dashboard panels
• peer nodes
  • about / Indexes, indexers, and clusters
• performance testing
  • about / Performance testing
• performance test kit, Splunk
  • about / Splunk's performance test kit
• per_* functions
  • versus bucket time spans / Bucket time spans versus per_* functions
• per_day() function / Bucket time spans versus per_* functions
• per_hour() function / Bucket time spans versus per_* functions
• per_minute() function / Bucket time spans versus per_* functions
• per_second() function / Bucket time spans versus per_* functions
• pivot
  • used, for investigational searching / Searching with pivot
  • about / Pivot
  • creating / Pivot
  • filtering / Filtering your pivots
  • formatting / Pivot table formatting
  • example / A quick example
• pivot, filter elements
  • time / Filtering your pivots
  • match / Filtering your pivots
  • limit / Filtering your pivots
• pivot editor
  • about / The pivot editor
  • pivot elements, managing / Working with pivot elements
• pivot editor, object type
  • event type / The pivot editor
  • transaction type / The pivot editor
  • search type / The pivot editor
• private, lookup file / Defining lookups in Splunk Web
• process maturity framework (PMF)
  • about / A structured approach
• professional services, Splunk
  • about / Professional services

Q

• quotes
  • using / You can quote me, I'm escaping

R

• real-time alerts
  • about / Alerting
• real time alerts
  • versus scheduled alerts / Scheduled or real time
• recipes, monitoring
  • about / What to monitor
• regression testing
  • about / Regression testing
• remove command
  • about / Deleting an index
• rename command
  • about / The Splunk rename command
• reporting commands
  • about / The breakdown of commands
• reports
  • creating / Reporting
• retrofitting
  • about / Retrofitting
  • benefits / Retrofitting
• rolling time-frame alerts
  • about / Alerting
• row drilldown
  • about / Row drilldowns

S

• scheduled alerts
  • versus real time alerts / Scheduled or real time
• Search & Reporting app
  • about / Investigational searching
  • features / Investigational searching
• searchable events
  • about / What is a Splunk index?
• searchable knowledge base, of Apps
  • about / Splunkbase
• search command
  • about / The chart command
• search commands
  • streaming / The breakdown of commands
  • reporting / The breakdown of commands
  • nonstreaming / The breakdown of commands
• search dashboard
  • search bar / The search dashboard
  • range picker / The search dashboard
  • How-To (panel) / The search dashboard
  • What-To (panel) / The search dashboard
• search form
  • about / Form searching
  • textboxes, using / Form searching
  • drop-down menus, using / Form searching
  • drop-down lists, using / Form searching
  • radio buttons, using / Form searching
  • multiple result panels, using / Form searching
  • example / An example of a search form
• search heads
  • about / Indexes, indexers, and clusters
• searching
  • performing / Searching in Splunk
  • search dashboard / The search dashboard
  • new search dashboard / The new search dashboard
  • mechanism / The Splunk search mechanism
  • Splunk quick reference guide / The Splunk quick reference guide
  • search assistant / Please assist me, let me go
  • basic optimization / Basic optimization
  • search mode, selecting / Fast, verbose, or smart?
  • search commands, breaking down / The breakdown of commands
  • sparse searches, versus dense searches / Understanding the difference between sparse and dense
  • process flow / The process flow
  • Boolean expressions / Boolean expressions
  • quotes, using / You can quote me, I'm escaping
  • escapes, using / You can quote me, I'm escaping
  • transactional searching / Transactional searching
  • with parameters / Searching with parameters
• search macros
  • using / A refresher on search macros
  • arguments, defining / Defining your arguments
  • applying / Applying a macro
• search mode
  • fast / Fast, verbose, or smart?
  • verbose / Fast, verbose, or smart?
  • smart / Fast, verbose, or smart?
• search pipeline
  • about / Understanding the difference between sparse and dense
• search results
  • about / Search results
  • event searches / Search results
  • transformational searches / Search results
  • transformational commands / Search results
  • examples / Some basic Splunk search examples
  • additional formatting / Additional formatting
  • abstract command / Additional formatting
  • diff command / Additional formatting
  • highlight command / Additional formatting
  • iconify command / Additional formatting
  • outputtext command / Additional formatting
  • scrub command / Additional formatting
  • xmlunescape command / Additional formatting
  • append command / Additional formatting
• search tag
  • about / Tag me Splunk!
  • asssigning / Assigning a search tag
  • field-value pairs, tagging / Tagging field-value pairs
  • wildcard / Wild tags!
  • wildcard support / Wildcards – generally speaking
  • disabling / Disabling and deleting tags
  • deleting / Disabling and deleting tags
• security, Splunk
  • about / Confidentiality and security
• service-level agreement (SLA)
  • about / Visibility in the operational world
• size, indexes
  • setting / Size matters
  • setting, with index-by-index attributes / Index-by-index attributes
  • setting, with bucket types / Bucket types
  • setting, with volumes / Volumes
• software development kits (SDKs)
  • about / The complements of Splunk
• sophisticated lookups / Introduction
• sparklines
  • about / Sparklines
• sparse searches
  • versus dense searches / Understanding the difference between sparse and dense
• specific events
  • sending / Sending specific events
  • transformation example / A transformation example
  • specified index, searching / Searching for a specified index
  • deleting / Not all events!
• SPL
  • about / The definition of Splunk, The Splunk approach, The breakdown of commands, Pivot
• Splexicon
  • about / Keeping it simple, The Splexicon
• split
  • about / Split
  • configuration options / Split
• Splunk
  • about / The definition of Splunk
  • installing / Keeping it simple
  • URL, for documentation / Keeping it simple, The Transaction command, The Splunk documentation
  • universal file, handling / Universal file handling
  • security / Confidentiality and security
  • confidentiality / Confidentiality and security
  • evolution / The evolution of Splunk
  • approaches / The Splunk approach
  • used, for correlating information / The correlation of information
  • used, for searching information / The correlation of information
  • use cases / Conventional use cases
  • used, for alerting / Alerting
  • used, for creating reports / Reporting
  • complements / The complements of Splunk
  • opportunities / Splunk – outside the box
  • Customer Relationship Management (CRM) / Customer Relationship Management
  • emerging technologies / Emerging technologies
  • knowledge discovery / Knowledge discovery and data mining
  • data mining / Knowledge discovery and data mining
  • disaster recovery (DR) / Disaster recovery
  • virus protection / Virus protection
  • enhancement, of structured data / The enhancement of structured data
  • project management / Project management
  • firewall applications / Firewall applications
  • enterprise wireless solutions / Enterprise wireless solutions
  • Hadoop technologies / Hadoop technologies
  • media measurement / Media measurement
  • social media / Social media
  • Geographical Information Systems (GIS) / Geographical Information Systems
  • Mobile Device Management (MDM) / Mobile Device Management
  • reliability / Splunk in action
  • data management / What does Splunk do with the data it monitors?
  • learning options / Where and how to learn Splunk
  • URL, for downloading / Installation and configuration
• Splunk acceleration
  • about / Splunk acceleration
• Splunk account
  • creating / Creating your Splunk account
• Splunk answers
  • about / Splunk answers
• Splunkbase
  • about / Splunkbase
• Splunk CLI
  • about / Splunk CLI
• Splunk commands
  • about / Command roundup
  • lookup command / The lookup command
  • inputlookup command / The inputlookup and outputlookup commands
  • outputlookup command / The inputlookup and outputlookup commands
  • inputcsv command / The inputcsv and outputcsv commands
  • outputcsv command / The inputcsv and outputcsv commands
• Splunkd
  • about / Installation
• Splunk data pipeline
  • input (data) / Event processing
  • searching / Event processing
  • parsing / Event processing
  • indexing / Event processing
  • about / The Splunk data pipeline
• Splunk Deployment Monitor
  • about / Splunk
  • downloading / Where is this app?
  • installing / Let's Install!
  • viewing / Viewing the Splunk Deployment Monitor app
• Splunk Education
  • about / The "How-to" tutorials
• Splunk home
  • about / Splunk home
• Splunk instance
  • about / Splunk home
• Splunk knowledge
  • about / Definition of Splunk knowledge
  • data interpretation / Data interpretation
  • data classification / Classification of data
  • data enrichment / Data enrichment
  • normalization / Normalization
  • modeling / Modeling
• SplunkLive!
  • about / User conferences, blogs, and news groups
• Splunk quick reference guide
  • about / The Splunk quick reference guide
  • URL / The Splunk quick reference guide
• Splunk software
  • obtaining / Obtaining the Splunk software
  • disclaimer / Disclaimer
  • installation / Installation and configuration
  • configuration / Installation and configuration
• Splunk software, requisites
  • disk space / Disk space requirements
  • physical environment / To go physical or logical?
  • logical environment / To go physical or logical?
  • Splunk architecture / The Splunk architecture
  • Splunk account, creating / Creating your Splunk account
• Splunk Software License Agreement
  • URL / Disclaimer
• Splunk static lookup
  • example / Introduction
• Splunk Web
  • field lookups, defining / Defining lookups in Splunk Web
  • using / Using Splunk Web
  • configuration files, using instead of / Using configuration files instead of Splunk Web
  • used, for viewing apps / Splunk Web
  • about / Splunk Web, Installation
• Splunk website
  • about / www.splunk.com
• stats command
  • using / What to avoid – stats instead of transaction
• streaming commands
  • about / The breakdown of commands
• subsearch
  • about / Subsearching
  • purpose / Subsearching
  • parameterization example / Subsearching
  • appending example / Subsearching
  • conditions example / Subsearching
  • output settings / Output settings for subsearches
  • Search Job Inspector / Search Job Inspector
• summary indexing
  • enabling / Summary indexing
• supplemental certifications, Splunk
  • Splunk partners / Splunk partners
  • training / Proper training
• support portal, Splunk
  • about / The support portal
• system testing
  • about / System testing

T

• table command
  • about / The table command
• tables
  • about / Tables, charts, and fields, Splunking into tables
  • table command / The table command
  • rename command / The Splunk rename command
  • limits.conf file / Limits
• tags
  • searching / Searching for operators, command formats, and tags
  • about / Transactions and transaction types
• technology-agnostic approach
  • about / A technology-agnostic approach
• testing
  • about / Testing
  • apps, before sharing / Testing before sharing
  • levels / Levels of testing
  • unit testing / Unit testing
  • integration testing / Integration testing
  • component interface testing (CIT) / Component interface testing
  • system testing / System testing
  • acceptance testing / Acceptance testing
  • performance testing / Performance testing
  • performance test kit / Splunk's performance test kit
  • regression testing / Regression testing
• throttling
  • about / Throttling
• time-based lookup
  • about / Time-based lookups
  • file parameters / Time-based lookups
  • creating / An easier way to create a time-based lookup
• timechart command / Some basic Splunk search examples
  • about / Reporting using the timechart command
  • using / Reporting using the timechart command
  • single aggregation / Arguments required by the timechart command
  • eval expression / Arguments required by the timechart command
• time range picker
  • about / The time range picker
• transaction
  • about / Transactional searching
  • examples / Transactional searching
  • field list / Transactional searching
  • name / Transactional searching
  • optional arguments / Transactional searching
• transactional searching
  • about / Transactional searching
• Transaction command
  • using / The Transaction command
  • duration field / The Transaction command
  • transactiontype field / The Transaction command
  • field-list field / The Transaction command
  • match field / The Transaction command
  • maxspan field / The Transaction command
  • maxpause field / The Transaction command
  • startswith field / The Transaction command
  • endswith field / The Transaction command
• transactions
  • about / Transactions and transaction types
  • event data / Let's get back to transactions
  • usage / Advanced use of transactions
  • transaction types, configuring / Configuring transaction types
  • event grouping / Grouping – event grouping and correlation
  • event correlation / Grouping – event grouping and correlation
  • concurrent events / Concurrent events
  • stats command, using / What to avoid – stats instead of transaction
• transaction search
  • using / Transaction search
  • example / An example of a Splunk transaction
  • Transaction command / The Transaction command
  • macro / Transactions and macro searches
• transaction types
  • about / Transactions and transaction types
  • configuring / Configuring transaction types
  • transactiontypes.conf file / The transactiontypes.conf file
  • example / An example of transaction types
• transactiontypes.conf file
  • about / The transactiontypes.conf file
• tsidx files
  • about / Index composition

U

• unit testing
  • about / Unit testing
• use cases, Splunk
  • investigational searching / Investigational searching
  • monitoring / Monitoring
  • visibility / Visibility in the operational world
  • DSS / Decision support – analysis in real time
• user interface (UI)
  • about / BYO or build your own apps
  • customization / The end-to-end customization of Splunk

V

• view
  • about / Creating effective dashboards
• views, dashboards
  • about / Views
• visibility
  • about / Visibility in the operational world
  • operational intelligence (OI) / Operational intelligence
  • technology-agnostic approach / A technology-agnostic approach
• visualization, dashboards
  • visualization type / The visualization type
  • visualization format / The visualization format
• Visualization Editor
  • about / The Visualization Editor
  • XML / XML
• volumes
  • used, for setting index sizes / Volumes
  • about / Volumes
  • creating / Creating and using volumes
  • using / Creating and using volumes

W

• Web Framework
  • about / Views
• where clause
  • about / The where clause
• wildcard, search tag
  • about / Wild tags!
• Windows inputs, Splunk
  • Windows event logs / Windows inputs in Splunk
  • performance monitoring / Windows inputs in Splunk
  • remote monitoring over WMI / Windows inputs in Splunk
  • registry monitoring / Windows inputs in Splunk
  • Active Directory / Windows inputs in Splunk
• Windows performance
  • monitoring / Monitoring
• Windows printer information
  • monitoring / Monitoring
• Windows registry information
  • monitoring / Monitoring
• WMI-based data
  • monitoring / Monitoring

X

• XML
  • about / XML, Dashboards and XML
  • dashboard XML code, editing / Editing the dashboard XML code
  • dashboards, adding / Dashboards and the navigation bar
  • navigation bar, adding / Dashboards and the navigation bar
  • navigation bar, coloring / Color my world
• XML tags
  • <setup> / The XML syntax used
  • <block> / The XML syntax used
  • <text> / The XML syntax used
  • <input> / The XML syntax used
  • <label> / The XML syntax used
  • <type> / The XML syntax used