In Chapter 5, Simple XML Dashboards, we covered building dashboards using simple XML. We first used the wizards provided in Splunk and then edited the resultant XML code. When you reach the limits of what can be accomplished with simple XML, one option is to dive into Splunk's advanced XML.
In this chapter, we will explore advanced XML practices while also discussing the following topics:
The pipe symbol
Using
top
to show common field valuesUsing
stats
to aggregate valuesUsing
chart
to turn dataUsing
timechart
to show values over timeWorking with fields