Splunk Operational Intelligence Cookbook - Second Edition

By: Jose E. Hernandez, Josh Diakun, Derek Mock, Paul R. Johnson

Overview of this book

Splunk makes it easy for you to take control of your data, and with Splunk Operational Cookbook, you can be confident that you are taking advantage of the Big Data revolution and driving your business with the cutting edge of operational intelligence and business analytics. With more than 70 recipes that demonstrate all of Splunk’s features, not only will you find quick solutions to common problems, but you’ll also learn a wide range of strategies and uncover new ideas that will make you rethink what operational intelligence means to you and your organization. You’ll discover recipes on data processing, searching and reporting, dashboards, and visualizations to make data shareable, communicable, and most importantly meaningful. You’ll also find step-by-step demonstrations that walk you through building an operational intelligence application containing vital features essential to understanding data and to help you successfully integrate a data-driven way of thinking in your organization. Throughout the book, you’ll dive deeper into Splunk, explore data models and pivots to extend your intelligence capabilities, and perform advanced searching to explore your data in even more sophisticated ways. Splunk is changing the business landscape, so make sure you’re taking advantage of it.
Table of Contents (17 chapters)
Splunk Operational Intelligence Cookbook Second Edition
Credits
About the Authors
About the Reviewer
www.PacktPub.com
Preface
Index

Index

A

  • abnormally-sized web requests
    • finding / Finding abnormally-sized web requests, How to do it…, How it works…, There's more…
    • anomalies command / The anomalies command
    • anomalousvalues command / The anomalousvalues command
    • anomalydetection command / The anomalydetection command
    • cluster command / The cluster command
  • abnormal user behavior
    • alerting on / Alerting on abnormal user behavior, How to do it…, How it works…
  • abnormal user purchases
    • without checkouts, alerting on / Alerting on abnormal user purchases without checkouts
  • abnormal web page response times
    • alerting on / Alerting on abnormal web page response times, How to do it…, How it works…
    • triggered alerts, viewing in Splunk's Alert manager / Viewing triggered alerts in Splunk's Alert manager, See also
  • accelerated report
    • status, viewing / Viewing the status of an accelerated report
  • activity reports
    • drilling, dynamically / Dynamically drilling down on activity reports, How to do it…, How it works…
  • alert actions
    • about / Introduction
  • alerts
    • about / Introduction
    • URL / Introduction
    • types / Introduction
    • creating, on abnormal web page response times / Alerting on abnormal web page response times, How to do it…, How it works…
    • triggered alerts, viewing in Splunk Alert manager / Viewing triggered alerts in Splunk's Alert manager, See also
    • creating on errors, during checkout in real time / Alerting on errors during checkout in real time, How to do it…, How it works…, There's more…
    • building, via configuration file / Building alerts via a configuration file
    • configuration attributes editing, Advanced edit used / Editing alert configuration attributes using Advanced edit
    • real-time searches, identifying / Identify the real-time searches that are running
    • creating, on abnormal user behavior / Alerting on abnormal user behavior, How to do it…, How it works…
    • creating on abnormal user purchases, without checkouts / Alerting on abnormal user purchases without checkouts
    • creating, on failure / Alerting on failure and triggering a scripted response, How to do it…, How it works…, See also
    • creating, on triggering scripted response / Alerting on failure and triggering a scripted response, How to do it…, How it works…, See also
    • creating, on predicted sales exceeding inventory / Alerting when predicted sales exceed inventory, How to do it…, How it works…
    • RSS feed notification action, adding / Adding an RSS feed notification action to an alert, See also
  • alerts, types
    • scheduled alert / Introduction
    • per-result alert / Introduction
    • rolling-window alert / Introduction
  • anomalies command / The anomalies command
    • URL / The anomalies command
  • anomalous values
    • discovering / Introduction
  • anomalousvalues command / The anomalousvalues command
    • URL / The anomalousvalues command
  • anomalydetection command
    • about / The anomalydetection command
    • URL / The anomalydetection command
  • append command
    • URL / There's more…
  • application's functional performance
    • charting / Charting the application's functional performance, How to do it…, There's more…
  • application's memory usage
    • charting / Charting the application's memory usage, How to do it…, See also
  • application errors
    • ticket, creating for / Creating a ticket for application errors, How to do it…, There's more…
  • application logs
    • data model, creating for / Creating a data model for application logs, How to do it…, How it works…
  • application navigation
    • customizing / Customizing the application navigation, How to do it..., There's more…
  • applications functional statistics
    • area chart, creating / Creating an area chart of the application's functional statistics, How to do it…, How it works…
  • area chart
    • about / Introduction
    • of applications functional statistics, creating / Creating an area chart of the application's functional statistics, How to do it…, See also
  • ARIN
    • searching, for given IP address / Searching ARIN for a given IP address, Getting ready, How to do it…, There's more…
  • associate command
    • URL / How it works…
  • average execution time
    • calculating, for multi-tier web requests / Calculating the average execution time for multi-tier web requests, Getting ready, How to do it…, How it works…, There's more…
    • calculating, without using join / Calculating the average execution time without using a join
  • Average Product Price
    • Cell Highlighting, adding / Adding cell highlighting of average product price, How to do it..., How it works..., See also
  • average session time
    • on website, calculating / Calculating the average session time on a website, How to do it…, There's more…

B

  • bar chart
    • about / Introduction
    • used, for showing average amount spent by category / Using a bar chart to show the average amount spent by category, How to do it…, See also
  • Boolean operators
    • about / Introduction
    • AND / Introduction
    • OR / Introduction
    • NOT / Introduction
  • built-in pre-trained sourcetypes
    • URL / Introduction

C

  • calendar heatmap
    • of product purchases, adding / Adding a calendar heatmap of product purchases, How to do it..., How it works...
  • Cell Highlighting
    • of Average Product Price, adding / Adding cell highlighting of average product price, How to do it..., How it works..., There's more…
  • choropleth map
    • about / Introduction
    / How it works…
  • CLI (command-line interface)
    • directory data input, adding / Adding a file or directory data input via the CLI
    • file data input, adding / Adding a file or directory data input via the CLI
    • used, for adding network input / Adding a network input via the CLI
  • cluster command
    • about / The cluster command
    • URL / The cluster command
  • column chart
    • about / Introduction
  • Command Modular Input / Using modular inputs
  • commands
    • chart/timechart / Introduction
    • dedup / Introduction
    • eval / Introduction
    • fields / Introduction
    • head / Introduction
    • lookup / Introduction
    • rare / Introduction
    • rename / Introduction
    • replace / Introduction
    • search / Introduction
    • sort / Introduction
    • stats / Introduction
    • table / Introduction
    • tail / Introduction
    • top / Introduction
    • transaction / Introduction
  • Common Information Model (CIM)
    • URL / Introduction
  • completed transactions
    • versus hourly count of sessions, calculating / Calculating an hourly count of sessions versus completed transactions, How to do it…
  • concurrency command
    • URL / How it works…
  • concurrent sessions over time
    • maximum number, displaying / Displaying the maximum number of concurrent sessions over time, How to do it…, How it works…
    • accelerated report status, viewing / Viewing the status of an accelerated report
  • configuration files
    • URL / How it works…, How it works…
  • CRUD (Create, Read, Update, Delete) / Introduction
  • curl / Getting ready, Getting ready
    • URL / Getting ready, Getting ready
  • custom search command
    • creating, to format product names / Creating a custom search command to format product names, How to do it..., How it works...

D

  • D3.js
    • URL / How it works..., How it works...
  • dashboards
    • about / Introduction, Introduction
    • used, for operational intelligence / Introduction
    • adding / Adding dashboards and reports, How to do it…, How it works…
    • organizing / Organizing the dashboards more efficiently, How to do it…, How it works…
    • Simple XML, modifying / Modifying the Simple XML directly
    • PDF delivery, scheduling / Scheduling PDF delivery of a dashboard, How to do it…, How it works…
  • data
    • getting, through network ports / Getting data through network ports, How to do it…, There's more…
    • gathering, Universal Forwarder used / Using the Universal Forwarder to gather data
    • enriching, with visualizations / Introduction
    • collecting, from remote scanning devices / Collecting data from remote scanning devices, How to do it..., How it works...
  • database connections
    • searching / Counting the total number of database connections, How to do it…, How it works…
  • data files
    • one-time indexing, via Splunk CLI / One-time indexing of data files via the Splunk CLI
  • data inputs
    • URL / Adding a file or directory data input via the CLI
    • CLI used, URL / Adding a network input via the CLI
  • data model
    • Knowledge Manager, URL / Introduction
    • creating, for web access logs / Creating a data model for web access logs, How to do it…, How it works…
    • searching, search interface used / Searching data models using the search interface
    • creating, for application logs / Creating a data model for application logs, How to do it…, How it works…
    • accelerating / Accelerating data models, How to do it…, There's more…
    • acceleration, URL / How it works…
    • viewing / Viewing data model and acceleration summary information
    • summary information, accelerating / Viewing data model and acceleration summary information
    • advanced configuration / Advanced configuration of data model acceleration
  • datamodel command
    • URL / Searching data models using the search interface
  • Data Model Editor
    • about / Introduction
  • data sources
    • converging / Introduction
  • data summarization
    • about / Introduction
    • methods / Introduction
  • data summarization, methods
    • summary indexing / Introduction
    • report acceleration / Introduction
    • data model acceleration / Introduction
  • DB Connect
    • about / Introduction
    • URL / Looking up inventory from an external database
    • used, for direct external DB lookups / Use DB Connect for direct external DB lookups
  • directories
    • indexing / Indexing files and directories, Getting ready, How to do it…, How it works…
  • directory
    • data input, adding via command-line interface (CLI) / Adding a file or directory data input via the CLI
    • data input, adding via command-line interface / Adding a file or directory data input via the CLI
    • input, adding via inputs.conf / Adding a file or directory input via inputs.conf
  • Distributed Management Console (DMC) application / Use the Splunk KV store to maintain the session state table
  • distributions
    • mapping, by area / Mapping different distributions by area
  • drilldown feature
    • disabling, in tables / Disabling the drilldown feature in tables and charts
    • disabling, in charts / Disabling the drilldown feature in tables and charts
  • drilldown options
    • URL / Disabling the drilldown feature in tables and charts

E

  • errors
    • during checkout in real time, alerting on / Alerting on errors during checkout in real time, How to do it…, How it works…, There's more…
  • error web page response codes
    • totaling / Totaling success and error web page response codes
  • event types
    • defining / Defining event types and tags, How to do it…, How it works…
    • adding, via eventtypes.conf / Adding event types and tags via eventtypes.conf and tags.conf, See also
    • adding, to limit workflow actions / Limiting workflow actions by event types
    • URL / Limiting workflow actions by event types

F

  • failure
    • alerting on / Alerting on failure and triggering a scripted response, How to do it…, How it works…, See also
  • field extractions
    • defining / Defining field extractions, How to do it…, How it works…
  • fields
    • about / Introduction
    • relationships, identifying / Introduction
    • future values, predicting / Introduction
  • file
    • input, adding via inputs.conf / Adding a file or directory input via inputs.conf
  • files
    • indexing / Indexing files and directories, How to do it…, How it works…
    • data input, adding via command-line interface (CLI) / Adding a file or directory data input via the CLI
  • filler gauge
    • about / Introduction
  • force-directed graph (FDG)
    • adding, of web hits / Adding a force-directed graph of web hits, How to do it..., How it works...
    • search manager, time range changing / Changing the time range on the search manager, See also
  • form
    • creating, for searching web activity / Creating a form for searching web activity, How to do it…, How it works…
    • Submit button, adding / Adding a Submit button to your form
    • web page activity reports, linking / Linking web page activity reports to the form, How to do it…, How it works…
  • form, inputs
    • Dropdown / Introduction
    • Radio / Introduction
    • Text / Introduction
    • Time / Introduction

G

  • gauge
    • used, for displaying number of errors / Using a gauge to display the number of errors, How to do it…, How it works…, See also
  • gauge visualizations
    • URL / There's more…
  • geographical map
    • of visitors, displaying / Displaying a geographical map of visitors, How to do it…, How it works…
  • geographic location
    • purchases, pivoting by / Pivoting purchases by geographic location, How to do it…, How it works…
  • Google search
    • triggering, for given error / Triggering a Google search for a given error, How to do it…, There's more…
    • triggering, from chart drilldown options / Triggering a Google search from the chart drilldown options
  • Graphical User Interface (GUI)
    • about / Introduction

H

  • head command
    • about / Searching for the top 10 using stats instead of top
  • heat map
    • about / Introduction
  • High Performance Analytics Store (HPAS) / Introduction
  • hostnames
    • adding, to IP addresses / Adding hostnames to IP addresses, How to do it…, There's more…
    • automatic external field lookups, enabling / Enabling automatic external field lookups
  • hourly count of sessions
    • versus completed transactions, calculating / Calculating an hourly count of sessions versus completed transactions, Getting ready, How to do it…, How it works…, There's more…
    • summary, generating frequently / Generating the summary more frequently
    • summary index, overlaps and gaps avoiding / Avoiding summary index overlaps and gaps
  • HTTP Event Collector
    • about / Introduction
    • URL / How it works...

I

  • inputs.conf
    • used, for adding file input / Adding a file or directory input via inputs.conf
    • used, for adding directory input / Adding a file or directory input via inputs.conf
    • used, for adding network input / Adding a network input via inputs.conf
  • Internet of Things (IoT) market / Introduction
  • inventory
    • looking up, from external database / Looking up inventory from an external database, Getting ready, How to do it…, How it works…
  • IP addresses
    • adding, to hostnames / Adding hostnames to IP addresses, How to do it…
  • item views
    • line chart, creating / Creating a line chart of item views and purchases over time, How to do it…, See also

J

  • Java Virtual Machine (JVM) / How it works…
  • join
    • URL / There's more…
    • used, for calculating average execution time / Calculating the average execution time without using a join

K

  • Key-Value (KV) store / Introduction

L

  • labels
    • adding, to single value panel / There's more…
  • line chart
    • about / Introduction
  • lookups
    • about / Introduction
    • adding, manually to Splunk / Manually adding the lookup to Splunk, See also

M

  • map drilldown options
    • URL / How it works…
  • map panel
    • adding, Simple XML used / Adding a map panel using Simple XML
  • mapping
    • URL / How it works…
  • marker gauge
    • about / Introduction
  • marker map
    • about / Introduction
    / How it works…
  • maximum concurrent checkouts
    • displaying / Displaying the maximum concurrent checkouts, Getting ready, How to do it…, How it works…
  • maximum events
    • defining / Defining maximum pause, span, and events in a transaction
  • maximum pause
    • defining / Defining maximum pause, span, and events in a transaction
  • maximum span
    • defining / Defining maximum pause, span, and events in a transaction
  • method requests
    • charting, by type / Charting the number of method requests by type and host, How to do it…, See also
    • charting, by host / Charting the number of method requests by type and host, How to do it…, See also
    • timechart, creating / Creating a timechart of method requests, views, and response times, How to do it…, There's more…
    • by host / Method requests, views, and response times by host
  • modular inputs
    • using / Using modular inputs, How to do it…, See also
  • most accessed web pages
    • searching / Finding the most accessed web pages, How to do it…, There's more…
    • top 10 accessed web pages, searching / Searching for the top 10 accessed web pages
    • searching, by user / Searching for the most accessed pages by user
  • most used OS types
    • web browser data, searching / Searching for the web browser data for the most used OS types
  • most used web browsers
    • searching / Finding the most used web browsers, How to do it…, How it works…
  • multi-tier web requests
    • average execution time, calculating / Calculating the average execution time for multi-tier web requests, Getting ready, How to do it…, How it works…, There's more…

N

  • Network Address Translation (NAT) / How it works…
  • network input
    • adding, via CLI / Adding a network input via the CLI
    • adding, via inputs.conf / Adding a network input via inputs.conf
  • network ports
    • data, getting through / Getting data through network ports, How to do it…, How it works…
  • number of purchases by city
    • backfilling / Backfilling the number of purchases by city, How to do it…, How it works…, There's more…
    • summary index, backfilling from within search directly / Backfilling a summary index from within a search directly

O

  • object attributes
    • about / Introduction
    • Auto-Extracted / Introduction
    • Eval-Expression / Introduction
    • Lookup / Introduction
    • Regular Expression / Introduction
    • Geo IP / Introduction
  • object constraint
    • about / Introduction
    • event object constraint / Introduction
    • Search object constraint / Introduction
    • transaction object constraint / Introduction
    • child object constraint / Introduction
  • object types
    • event objects / Introduction
    • search objects / Introduction
    • transaction objects / Introduction
    • child objects / Introduction
  • OpenStreetMap service
    • URL / How it works…
  • Operational Intelligence
    • dashboards, using for / Introduction
  • Operational Intelligence application
    • creating / Creating an Operational Intelligence application, How to do it…, How it works…
    • creating, from another application / Creating an application from another application
    • Splunk app, downloading / Downloading and installing a Splunk app, See also
    • Splunk app, installing / Downloading and installing a Splunk app, See also
  • Operational Intelligence dashboard
    • creating / Creating an Operational Intelligence dashboard, How to do it…, How it works…
    • permissions, changing / Changing dashboard permissions
  • overlay
    • adding, to Sessions Over Time chart / Adding an overlay to the Sessions Over Time chart, See also

P

  • PDF delivery
    • of dashboard, scheduling / Scheduling PDF delivery of a dashboard, How to do it…, How it works…
  • per-result alert
    • about / Introduction
  • permissions
    • URL / How to do it…
  • pie chart
    • about / Introduction
    • used, for showing most accessed web pages / Using a pie chart to show the most accessed web pages, How to do it…
    • top 10 accessed web pages, searching for / Searching for the top 10 accessed web pages
  • pivot command
    • URL / Pivot searching using the pivot command and search interface
  • pivot searching
    • pivot command used / Pivot searching using the pivot command and search interface
    • search interface used / Pivot searching using the pivot command and search interface
  • potential session spoofing
    • identifying / Identifying potential session spoofing, How to do it…, There's more…
    • logic, creating for urgency / Creating logic for urgency
  • predict command
    • URL / Predicting the average response time of function calls
  • product code descriptions
    • looking up / Looking up product code descriptions, How to do it…, How it works…
    • lookup, adding manually to Splunk / Manually adding the lookup to Splunk, See also
  • product names
    • formatting, by creating custom search command / Creating a custom search command to format product names, How to do it..., How it works...
  • product purchases
    • calendar heatmap, adding / Adding a calendar heatmap of product purchases, How to do it..., How it works...
  • purchases
    • by geographic location, pivoting / Pivoting purchases by geographic location, How to do it…, How it works…
  • purchases over time
    • line chart, creating / Creating a line chart of item views and purchases over time, How to do it…, See also
  • Python application
    • creating, to return unique IP addresses / Creating a Python application to return unique IP addresses, How to do it..., How it works...
    • search result, paginating / Paginating the results of your search

R

  • radial gauge
    • about / Introduction
  • raw event data
    • making, readable / Making raw event data readable, Getting ready, How to do it…, How it works…
    • field, tabulating / Tabulating every field
    • fields, removing / Removing fields, then tabulating everything else
  • real-time searching
    • URL / There's more…
  • regular expression (regex) attribute / How to do it…
  • remote scanning devices
    • data, collecting from / Collecting data from remote scanning devices, How to do it..., How it works...
  • report acceleration
    • about / Introduction
    • ease / Introduction
  • reports
    • adding / Adding dashboards and reports, How to do it…, How it works…
    • saved reports, permissions changing / Changing permissions of saved reports
  • response times
    • timechart, creating / Creating a timechart of method requests, views, and response times, How to do it…, How it works…
    • by host / Method requests, views, and response times by host
  • REST API
    • about / Introduction
    • remotely querying, for unique page views / Remotely querying Splunk's REST API for unique page views, How to do it..., There's more…
    • session token, authenticating / Authenticating with a session token, See also
  • REST Wikipedia page
    • URL / How it works...
  • rolling-window alert
    • about / Introduction
  • RSS feed notification action
    • adding, to alerts / Adding an RSS feed notification action to an alert

S

  • sales, predicted
    • exceeding inventory, alerting on / Alerting when predicted sales exceed inventory, How to do it…, How it works…
  • sample data
    • loading / Loading the sample data for this book, How to do it…, How it works…
  • scatter chart
    • about / Introduction
    • used, for identifying discrete requests by size / Using a scatter chart to identify discrete requests by size and response time, How to do it…, How it works…, There's more…
    • used, for identifying discrete requests by response time / Using a scatter chart to identify discrete requests by size and response time, How to do it…, How it works…, There's more…
    • time series data points, using / Using time series data points with a scatter chart, See also
  • scheduled alert
    • about / Introduction
  • schedule reports
    • URL / How it works…
  • scripted inputs
    • using / Using scripted inputs, How to do it…, How it works…
  • scripted response
    • triggered, alerting on / Alerting on failure and triggering a scripted response, How to do it…, How it works…, See also
  • searches
    • about / Introduction
    • saving / Introduction
  • Search Processing Language (SPL)
    • about / Introduction
    • reference link / Introduction
  • Sessions Over Time chart
    • overlay, adding / Adding an overlay to the Sessions Over Time chart, See also
  • session state table
    • creating / Creating a session state table, How to do it…, How it works…
  • SimpleXML
    • URL / Modifying the Simple XML directly
  • Simple XML
    • modifying / Modifying the Simple XML directly
    • used, for adding map panel / Adding a map panel using Simple XML
  • single value
    • about / Introduction
  • software development kits (SDKs) / Introduction
    • about / Introduction
  • sort command
    • about / How it works…
  • sparkline
    • about / Introduction
  • Splunk
    • about / Introduction
    • URL / There's more…, Introduction, How it works...
    • types and tags, URL / Defining event types and tags
    • with Gmail and Yahoo mail, URL / Getting ready
  • Splunk Answers
    • URL / Introduction
  • Splunk app
    • downloading / Downloading and installing a Splunk app
    • installing / Downloading and installing a Splunk app
    • URL / Downloading and installing a Splunk app
  • Splunk Apps
    • URL / How it works…
  • Splunk app store
    • URL / Introduction, How to do it…, There's more…
  • Splunk App store
    • URL / Introduction
  • Splunkbase
    • URL / Getting ready
  • Splunk developer website
    • URL / How it works...
  • Splunk KV store
    • using, to maintain session state table / Use the Splunk KV store to maintain the session state table
  • Splunk Python SDK
    • URL / Getting ready
  • stats command
    • about / How it works…
    • reference link / Searching for the most accessed pages by user, Searching for the top 10 using stats instead of top
    • used, for searching top 10 referring websites / Searching for the top 10 using stats instead of top
  • Submit button
    • adding, to form / Adding a Submit button to your form
  • subsearches
    • URL / How to do it…
  • success web page response codes
    • totaling / Totaling success and error web page response codes
  • summary index
    • backfilling, from within search directly / Backfilling a summary index from within a search directly, See also
  • summary indexing
    • about / Introduction
    • help / Introduction
  • suspect IP addresses
    • flagging / Flagging suspect IP addresses, How to do it…, How it works…, There's more…
    • existing saved search, modifying to populate lookup table / Modifying an existing saved search to populate a lookup table

T

  • table command
    • about / How it works…
  • tags
    • defining / Defining event types and tags, How to do it…, How it works…
    • adding, via tags.conf / Adding event types and tags via eventtypes.conf and tags.conf, See also
  • Technical Add-Ons (TAs)
    • about / Introduction
  • ticket
    • creating, for application error / Creating a ticket for application errors, How to do it…, There's more…
    • workflow action, adding manually in Splunk / Adding a workflow action manually in Splunk
  • timechart command
    • about / There's more…
  • time modifiers
    • about / Introduction
  • time series data points
    • using, with scatter chart / Using time series data points with a scatter chart
  • top-referring websites
    • identifying / Identifying the top-referring websites, How to do it…
  • top 10 referring websites
    • searching, with stats command / Searching for the top 10 using stats instead of top
  • top error codes
    • pivot charting / Pivot charting top error codes, How to do it…
  • top viewed products
    • listing / Listing the top viewed products, How to do it…, There's more…
    • percentage of cart additions, searching / Searching for the percentage of cart additions from product views
  • total sales transactions
    • pivoting / Pivoting total sales transactions, How to do it…, How it works…
  • transaction command
    • about / How it works…
  • transactions
    • identifying / Introduction
    • grouping / Introduction
    • URL / Defining maximum pause, span, and events in a transaction
  • trigger
    • conditions / Introduction

U

  • UF software
    • URL / Getting ready
  • Universal Forwarder
    • used, for gathering data / Using the Universal Forwarder to gather data, How to do it…, How it works…
    • receiving indexer, adding via outputs.conf / Add the receiving indexer via outputs.conf
  • Universal Forwarder (UF) / Indexing the Windows event logs

V

  • value
    • coloring, ranges based / Coloring the value based on ranges
    • trends, adding / Adding trends and sparklines to the values
    • sparklines, adding / Adding trends and sparklines to the values
  • views
    • timechart, creating / Creating a timechart of method requests, views, and response times, How to do it…, How it works…
    • by host / Method requests, views, and response times by host
  • visitors
    • displaying / Displaying the unique number of visitors, How to do it…, There's more…
    • geographical map, displaying / Displaying a geographical map of visitors, How to do it…, How it works…
  • visualizations
    • about / Introduction
    • used, for enriching data / Introduction
    • URL / Introduction
    • best practices / Introduction

W

  • web activity
    • searching, by creating form / Creating a form for searching web activity, How to do it…, How it works…
  • web browser data
    • searching, for most used OS types / Searching for the web browser data for the most used OS types
  • web framework
    • about / Introduction
  • Web Framework Toolkit app
    • URL / Introduction
  • web hits
    • force-directed graph (FDG), adding / Adding a force-directed graph of web hits, How to do it..., How it works...
  • web page response codes
    • charting / Charting web page response codes, How to do it…, How it works…
    • error events, totaling / Totaling success and error web page response codes
    • success events, totaling / Totaling success and error web page response codes
  • web page response time statistics
    • displaying / Displaying web page response time statistics, How to do it…, There's more…
    • displaying, by action / Displaying web page response time by action
  • web pages
    • activity reports, linking to forms / Linking web page activity reports to the form, How to do it…, How it works…
    • slowest responding web pages, pivoting / Pivoting slowest responding web pages, How to do it…, How it works…
  • web requests
    • relationship, analyzing / Analyzing the relationship of web requests, How to do it…
    • DB actions relationships, to memory utilization / Analyzing relationships of DB actions to memory utilization
  • website
    • average session time, calculating / Calculating the average session time on a website, How to do it…, How it works…, There's more…
    • checkout, ending with / Starts with a website visit, ends with a checkout
    • visit, starting with / Starts with a website visit, ends with a checkout
    • maximum pause, defining in transaction / Defining maximum pause, span, and events in a transaction
    • span, defining in transaction / Defining maximum pause, span, and events in a transaction
    • events, defining in transaction / Defining maximum pause, span, and events in a transaction
  • website traffic volumes
    • predicting / Predicting website traffic volumes, Getting ready, How to do it…, There's more…
    • number of items purchased, predicting / Predicting the total number of items purchased
    • function calls, average response time predicting / Predicting the average response time of function calls
  • wget / Getting ready, Getting ready
  • Windows event logs
    • indexing / Indexing the Windows event logs
  • workflow actions
    • about / Introduction
    • limiting, by adding event types / Limiting workflow actions by event types
  • workflows
    • about / Introduction