Index
A
- abnormally-sized web requests
- finding / Finding abnormally-sized web requests, How to do it…, How it works…, There's more…
- anomalies command / The anomalies command
- anomalousvalues command / The anomalousvalues command
- anomalydetection command / The anomalydetection command
- cluster command / The cluster command
- abnormal user behavior
- alerting on / Alerting on abnormal user behavior, How to do it…, How it works…
- abnormal user purchases
- without checkouts, alerting on / Alerting on abnormal user purchases without checkouts
- abnormal web page response times
- alerting on / Alerting on abnormal web page response times, How to do it…, How it works…
- triggered alerts, viewing in Splunk's Alert manager / Viewing triggered alerts in Splunk's Alert manager, See also
- accelerated report
- status, viewing / Viewing the status of an accelerated report
- activity reports
- drilling, dynamically / Dynamically drilling down on activity reports, How to do it…, How it works…
- alert actions
- about / Introduction
- alerts
- about / Introduction
- URL / Introduction
- types / Introduction
- creating, on abnormal web page response times / Alerting on abnormal web page response times, How to do it…, How it works…
- triggered alerts, viewing in Splunk Alert manager / Viewing triggered alerts in Splunk's Alert manager, See also
- creating on errors, during checkout in real time / Alerting on errors during checkout in real time, How to do it…, How it works…, There's more…
- building, via configuration file / Building alerts via a configuration file
- configuration attributes editing, Advanced edit used / Editing alert configuration attributes using Advanced edit
- real-time searches, identifying / Identify the real-time searches that are running
- creating, on abnormal user behavior / Alerting on abnormal user behavior, How to do it…, How it works…
- creating on abnormal user purchases, without checkouts / Alerting on abnormal user purchases without checkouts
- creating, on failure / Alerting on failure and triggering a scripted response, How to do it…, How it works…, See also
- creating, on triggering scripted response / Alerting on failure and triggering a scripted response, How to do it…, How it works…, See also
- creating, on predicted sales exceeding inventory / Alerting when predicted sales exceed inventory, How to do it…, How it works…
- RSS feed notification action, adding / Adding an RSS feed notification action to an alert, See also
- alerts, types
- scheduled alert / Introduction
- per-result alert / Introduction
- rolling-window alert / Introduction
- anomalies command / The anomalies command
- URL / The anomalies command
- anomalous values
- discovering / Introduction
- anomalousvalues command / The anomalousvalues command
- URL / The anomalousvalues command
- anomalydetection command
- about / The anomalydetection command
- URL / The anomalydetection command
- append command
- URL / There's more…
- application's functional performance
- charting / Charting the application's functional performance, How to do it…, There's more…
- application's memory usage
- charting / Charting the application's memory usage, How to do it…, See also
- application errors
- ticket, creating for / Creating a ticket for application errors, How to do it…, There's more…
- application logs
- data model, creating for / Creating a data model for application logs, How to do it…, How it works…
- application navigation
- customizing / Customizing the application navigation, How to do it..., There's more…
- application's functional statistics
- area chart, creating / Creating an area chart of the application's functional statistics, How to do it…, How it works…
- area chart
- about / Introduction
- of application's functional statistics, creating / Creating an area chart of the application's functional statistics, How to do it…, See also
- ARIN
- searching, for given IP address / Searching ARIN for a given IP address, Getting ready, How to do it…, There's more…
- associate command
- URL / How it works…
- average execution time
- calculating, for multi-tier web requests / Calculating the average execution time for multi-tier web requests, Getting ready, How to do it…, How it works…, There's more…
- calculating, without using join / Calculating the average execution time without using a join
- Average Product Price
- Cell Highlighting, adding / Adding cell highlighting of average product price, How to do it..., How it works..., See also
- average session time
- on website, calculating / Calculating the average session time on a website, How to do it…, There's more…
B
- bar chart
- about / Introduction
- used, for showing average amount spent by category / Using a bar chart to show the average amount spent by category, How to do it…, See also
- Boolean operators
- about / Introduction
- AND / Introduction
- OR / Introduction
- NOT / Introduction
- built-in pre-trained sourcetypes
- URL / Introduction
C
- calendar heatmap
- of product purchases, adding / Adding a calendar heatmap of product purchases, How to do it..., How it works...
- Cell Highlighting
- of Average Product Price, adding / Adding cell highlighting of average product price, How to do it..., How it works..., There's more…
- choropleth map
- about / Introduction
- CLI (command-line interface)
- directory data input, adding / Adding a file or directory data input via the CLI
- file data input, adding / Adding a file or directory data input via the CLI
- used, for adding network input / Adding a network input via the CLI
- cluster command
- about / The cluster command
- URL / The cluster command
- column chart
- about / Introduction
- Command Modular Input / Using modular inputs
- commands
- chart/timechart / Introduction
- dedup / Introduction
- eval / Introduction
- fields / Introduction
- head / Introduction
- lookup / Introduction
- rare / Introduction
- rename / Introduction
- replace / Introduction
- search / Introduction
- sort / Introduction
- stats / Introduction
- table / Introduction
- tail / Introduction
- top / Introduction
- transaction / Introduction
- Common Information Model (CIM)
- URL / Introduction
- completed transactions
- versus hourly count of sessions, calculating / Calculating an hourly count of sessions versus completed transactions, How to do it…
- concurrency command
- URL / How it works…
- concurrent sessions over time
- maximum number, displaying / Displaying the maximum number of concurrent sessions over time, How to do it…, How it works…
- accelerated report status, viewing / Viewing the status of an accelerated report
- configuration files
- URL / How it works…, How it works…
- CRUD (Create, Read, Update, Delete) / Introduction
- curl / Getting ready, Getting ready
- URL / Getting ready, Getting ready
- custom search command
- creating, to format product names / Creating a custom search command to format product names, How to do it..., How it works...
D
- D3.js
- URL / How it works..., How it works...
- dashboards
- about / Introduction, Introduction
- used, for operational intelligence / Introduction
- adding / Adding dashboards and reports, How to do it…, How it works…
- organizing / Organizing the dashboards more efficiently, How to do it…, How it works…
- Simple XML, modifying / Modifying the Simple XML directly
- PDF delivery, scheduling / Scheduling PDF delivery of a dashboard, How to do it…, How it works…
- data
- getting, through network ports / Getting data through network ports, How to do it…, There's more…
- gathering, Universal Forwarder used / Using the Universal Forwarder to gather data
- enriching, with visualizations / Introduction
- collecting, from remote scanning devices / Collecting data from remote scanning devices, How to do it..., How it works...
- database connections
- searching / Counting the total number of database connections, How to do it…, How it works…
- data files
- one-time indexing, via Splunk CLI / One-time indexing of data files via the Splunk CLI
- data inputs
- URL / Adding a file or directory data input via the CLI
- CLI used, URL / Adding a network input via the CLI
- data model
- Knowledge Manager, URL / Introduction
- creating, for web access logs / Creating a data model for web access logs, How to do it…, How it works…
- searching, search interface used / Searching data models using the search interface
- creating, for application logs / Creating a data model for application logs, How to do it…, How it works…
- accelerating / Accelerating data models, How to do it…, There's more…
- acceleration, URL / How it works…
- viewing / Viewing data model and acceleration summary information
- summary information, accelerating / Viewing data model and acceleration summary information
- advanced configuration / Advanced configuration of data model acceleration
- datamodel command
- URL / Searching data models using the search interface
- Data Model Editor
- about / Introduction
- data sources
- converging / Introduction
- data summarization
- about / Introduction
- methods / Introduction
- data summarization, methods
- summary indexing / Introduction
- report acceleration / Introduction
- data model acceleration / Introduction
- DB Connect
- about / Introduction
- URL / Looking up inventory from an external database
- used, for direct external DB lookups / Use DB Connect for direct external DB lookups
- directories
- indexing / Indexing files and directories, Getting ready, How to do it…, How it works…
- directory
- data input, adding via command-line interface (CLI) / Adding a file or directory data input via the CLI
- data input, adding via command-line interface / Adding a file or directory data input via the CLI
- input, adding via inputs.conf / Adding a file or directory input via inputs.conf
- Distributed Management Console (DMC) application / Use the Splunk KV store to maintain the session state table
- distributions
- mapping, by area / Mapping different distributions by area
- drilldown feature
- disabling, in tables / Disabling the drilldown feature in tables and charts
- disabling, in charts / Disabling the drilldown feature in tables and charts
- drilldown options
- URL / Disabling the drilldown feature in tables and charts
E
- errors
- during checkout in real time, alerting on / Alerting on errors during checkout in real time, How to do it…, How it works…, There's more…
- error web page response codes
- totaling / Totaling success and error web page response codes
- event types
- defining / Defining event types and tags, How to do it…, How it works…
- adding, via eventtypes.conf / Adding event types and tags via eventtypes.conf and tags.conf, See also
- adding, to limit workflow actions / Limiting workflow actions by event types
- URL / Limiting workflow actions by event types
F
- failure
- alerting on / Alerting on failure and triggering a scripted response, How to do it…, How it works…, See also
- field extractions
- defining / Defining field extractions, How to do it…, How it works…
- fields
- about / Introduction
- relationships, identifying / Introduction
- future values, predicting / Introduction
- file
- input, adding via inputs.conf / Adding a file or directory input via inputs.conf
- files
- indexing / Indexing files and directories, How to do it…, How it works…
- data input, adding via command-line interface (CLI) / Adding a file or directory data input via the CLI
- filler gauge
- about / Introduction
- force-directed graph (FDG)
- adding, of web hits / Adding a force-directed graph of web hits, How to do it..., How it works...
- search manager, time range changing / Changing the time range on the search manager, See also
- form
- creating, for searching web activity / Creating a form for searching web activity, How to do it…, How it works…
- Submit button, adding / Adding a Submit button to your form
- web page activity reports, linking / Linking web page activity reports to the form, How to do it…, How it works…
- form, inputs
- Dropdown / Introduction
- Radio / Introduction
- Text / Introduction
- Time / Introduction
G
- gauge
- used, for displaying number of errors / Using a gauge to display the number of errors, How to do it…, How it works…, See also
- gauge visualizations
- URL / There's more…
- geographical map
- of visitors, displaying / Displaying a geographical map of visitors, How to do it…, How it works…
- geographic location
- purchases, pivoting by / Pivoting purchases by geographic location, How to do it…, How it works…
- Google search
- triggering, for given error / Triggering a Google search for a given error, How to do it…, There's more…
- triggering, from chart drilldown options / Triggering a Google search from the chart drilldown options
- Graphical User Interface (GUI)
- about / Introduction
H
- head command
- about / Searching for the top 10 using stats instead of top
- heat map
- about / Introduction
- High Performance Analytics Store (HPAS) / Introduction
- hostnames
- adding, to IP addresses / Adding hostnames to IP addresses, How to do it…, There's more…
- automatic external field lookups, enabling / Enabling automatic external field lookups
- hourly count of sessions
- versus completed transactions, calculating / Calculating an hourly count of sessions versus completed transactions, Getting ready, How to do it…, How it works…, There's more…
- summary, generating frequently / Generating the summary more frequently
- summary index, overlaps and gaps avoiding / Avoiding summary index overlaps and gaps
- HTTP Event Collector
- about / Introduction
- URL / How it works...
I
- inputs.conf
- used, for adding file input / Adding a file or directory input via inputs.conf
- used, for adding directory input / Adding a file or directory input via inputs.conf
- used, for adding network input / Adding a network input via inputs.conf
- Internet of Things (IoT) market / Introduction
- inventory
- looking up, from external database / Looking up inventory from an external database, Getting ready, How to do it…, How it works…
- IP addresses
- adding, to hostnames / Adding hostnames to IP addresses, How to do it…
- item views
- line chart, creating / Creating a line chart of item views and purchases over time, How to do it…, See also
J
- Java Virtual Machine (JVM) / How it works…
- join
- URL / There's more…
- used, for calculating average execution time / Calculating the average execution time without using a join
K
- Key-Value (KV) store / Introduction
L
- labels
- adding, to single value panel / There's more…
- line chart
- about / Introduction
- lookups
- about / Introduction
- adding, manually to Splunk / Manually adding the lookup to Splunk, See also
M
- map drilldown options
- URL / How it works…
- map panel
- adding, Simple XML used / Adding a map panel using Simple XML
- mapping
- URL / How it works…
- marker gauge
- about / Introduction
- marker map
- about / Introduction
- maximum concurrent checkouts
- displaying / Displaying the maximum concurrent checkouts, Getting ready, How to do it…, How it works…
- maximum events
- defining / Defining maximum pause, span, and events in a transaction
- maximum pause
- defining / Defining maximum pause, span, and events in a transaction
- maximum span
- defining / Defining maximum pause, span, and events in a transaction
- method requests
- charting, by type / Charting the number of method requests by type and host, How to do it…, See also
- charting, by host / Charting the number of method requests by type and host, How to do it…, See also
- timechart, creating / Creating a timechart of method requests, views, and response times, How to do it…, There's more…
- by host / Method requests, views, and response times by host
- modular inputs
- using / Using modular inputs, How to do it…, See also
- most accessed web pages
- searching / Finding the most accessed web pages, How to do it…, There's more…
- top 10 accessed web pages, searching / Searching for the top 10 accessed web pages
- searching, by user / Searching for the most accessed pages by user
- most used OS types
- web browser data, searching / Searching for the web browser data for the most used OS types
- most used web browsers
- searching / Finding the most used web browsers, How to do it…, How it works…
- multi-tier web requests
- average execution time, calculating / Calculating the average execution time for multi-tier web requests, Getting ready, How to do it…, How it works…, There's more…
N
- Network Address Translation (NAT) / How it works…
- network input
- adding, via CLI / Adding a network input via the CLI
- adding, via inputs.conf / Adding a network input via inputs.conf
- network ports
- data, getting through / Getting data through network ports, How to do it…, How it works…
- number of purchases by city
- backfilling / Backfilling the number of purchases by city, How to do it…, How it works…, There's more…
- summary index, backfilling from within search directly / Backfilling a summary index from within a search directly
O
- object attributes
- about / Introduction
- Auto-Extracted / Introduction
- Eval-Expression / Introduction
- Lookup / Introduction
- Regular Expression / Introduction
- Geo IP / Introduction
- object constraint
- about / Introduction
- event object constraint / Introduction
- Search object constraint / Introduction
- transaction object constraint / Introduction
- child object constraint / Introduction
- object types
- event objects / Introduction
- search objects / Introduction
- transaction objects / Introduction
- child objects / Introduction
- OpenStreetMap service
- URL / How it works…
- Operational Intelligence
- dashboards, using for / Introduction
- Operational Intelligence application
- creating / Creating an Operational Intelligence application, How to do it…, How it works…
- creating, from another application / Creating an application from another application
- Splunk app, downloading / Downloading and installing a Splunk app, See also
- Splunk app, installing / Downloading and installing a Splunk app, See also
- Operational Intelligence dashboard
- creating / Creating an Operational Intelligence dashboard, How to do it…, How it works…
- permissions, changing / Changing dashboard permissions
- overlay
- adding, to Sessions Over Time chart / Adding an overlay to the Sessions Over Time chart, See also
P
- PDF delivery
- of dashboard, scheduling / Scheduling PDF delivery of a dashboard, How to do it…, How it works…
- per-result alert
- about / Introduction
- permissions
- URL / How to do it…
- pie chart
- about / Introduction
- used, for showing most accessed web pages / Using a pie chart to show the most accessed web pages, How to do it…
- top 10 accessed web pages, searching for / Searching for the top 10 accessed web pages
- pivot command
- URL / Pivot searching using the pivot command and search interface
- pivot searching
- pivot command used / Pivot searching using the pivot command and search interface
- search interface used / Pivot searching using the pivot command and search interface
- potential session spoofing
- identifying / Identifying potential session spoofing, How to do it…, There's more…
- logic, creating for urgency / Creating logic for urgency
- predict command
- URL / Predicting the average response time of function calls
- product code descriptions
- looking up / Looking up product code descriptions, How to do it…, How it works…
- lookup, adding manually to Splunk / Manually adding the lookup to Splunk, See also
- product names
- formatting, by creating custom search command / Creating a custom search command to format product names, How to do it..., How it works...
- product purchases
- calendar heatmap, adding / Adding a calendar heatmap of product purchases, How to do it..., How it works...
- purchases
- by geographic location, pivoting / Pivoting purchases by geographic location, How to do it…, How it works…
- purchases over time
- line chart, creating / Creating a line chart of item views and purchases over time, How to do it…, See also
- Python application
- creating, to return unique IP addresses / Creating a Python application to return unique IP addresses, How to do it..., How it works...
- search results, paginating / Paginating the results of your search
R
- radial gauge
- about / Introduction
- raw event data
- making, readable / Making raw event data readable, Getting ready, How to do it…, How it works…
- field, tabulating / Tabulating every field
- fields, removing / Removing fields, then tabulating everything else
- real-time searching
- URL / There's more…
- regular expression (regex) attribute / How to do it…
- remote scanning devices
- data, collecting from / Collecting data from remote scanning devices, How to do it..., How it works...
- report acceleration
- about / Introduction
- ease / Introduction
- reports
- adding / Adding dashboards and reports, How to do it…, How it works…
- saved reports, permissions changing / Changing permissions of saved reports
- response times
- timechart, creating / Creating a timechart of method requests, views, and response times, How to do it…, How it works…
- by host / Method requests, views, and response times by host
- REST API
- about / Introduction
- remotely querying, for unique page views / Remotely querying Splunk's REST API for unique page views, How to do it..., There's more…
- session token, authenticating / Authenticating with a session token, See also
- REST Wikipedia page
- URL / How it works...
- rolling-window alert
- about / Introduction
- RSS feed notification action
- adding, to alerts / Adding an RSS feed notification action to an alert
S
- sales, predicted
- exceeding inventory, alerting on / Alerting when predicted sales exceed inventory, How to do it…, How it works…
- sample data
- loading / Loading the sample data for this book, How to do it…, How it works…
- scatter chart
- about / Introduction
- used, for identifying discrete requests by size / Using a scatter chart to identify discrete requests by size and response time, How to do it…, How it works…, There's more…
- used, for identifying discrete requests by response time / Using a scatter chart to identify discrete requests by size and response time, How to do it…, How it works…, There's more…
- time series data points, using / Using time series data points with a scatter chart, See also
- scheduled alert
- about / Introduction
- schedule reports
- URL / How it works…
- scripted inputs
- using / Using scripted inputs, How to do it…, How it works…
- scripted response
- triggered, alerting on / Alerting on failure and triggering a scripted response, How to do it…, How it works…, See also
- searches
- about / Introduction
- saving / Introduction
- Search Processing Language (SPL)
- about / Introduction
- reference link / Introduction
- Sessions Over Time chart
- overlay, adding / Adding an overlay to the Sessions Over Time chart, See also
- session state table
- creating / Creating a session state table, How to do it…, How it works…
- SimpleXML
- URL / Modifying the Simple XML directly
- Simple XML
- modifying / Modifying the Simple XML directly
- used, for adding map panel / Adding a map panel using Simple XML
- single value
- about / Introduction
- software development kits (SDKs) / Introduction
- about / Introduction
- sort command
- about / How it works…
- sparkline
- about / Introduction
- Splunk
- about / Introduction
- URL / There's more…, Introduction, How it works...
- types and tags, URL / Defining event types and tags
- with Gmail and Yahoo mail, URL / Getting ready
- Splunk Answers
- URL / Introduction
- Splunk app
- downloading / Downloading and installing a Splunk app
- installing / Downloading and installing a Splunk app
- URL / Downloading and installing a Splunk app
- Splunk Apps
- URL / How it works…
- Splunk app store
- URL / Introduction, How to do it…, There's more…
- Splunk App store
- URL / Introduction
- Splunkbase
- URL / Getting ready
- Splunk developer website
- URL / How it works...
- Splunk KV store
- using, to maintain session state table / Use the Splunk KV store to maintain the session state table
- Splunk Python SDK
- URL / Getting ready
- stats command
- about / How it works…
- reference link / Searching for the most accessed pages by user, Searching for the top 10 using stats instead of top
- used, for searching top 10 referring websites / Searching for the top 10 using stats instead of top
- Submit button
- adding, to form / Adding a Submit button to your form
- subsearches
- URL / How to do it…
- success web page response codes
- totaling / Totaling success and error web page response codes
- summary index
- backfilling, from within search directly / Backfilling a summary index from within a search directly, See also
- summary indexing
- about / Introduction
- help / Introduction
- suspect IP addresses
- flagging / Flagging suspect IP addresses, How to do it…, How it works…, There's more…
- existing saved search, modifying to populate lookup table / Modifying an existing saved search to populate a lookup table
T
- table command
- about / How it works…
- tags
- defining / Defining event types and tags, How to do it…, How it works…
- adding, via tags.conf / Adding event types and tags via eventtypes.conf and tags.conf, See also
- Technical Add-Ons (TAs)
- about / Introduction
- ticket
- creating, for application error / Creating a ticket for application errors, How to do it…, There's more…
- workflow action, adding manually in Splunk / Adding a workflow action manually in Splunk
- timechart command
- about / There's more…
- time modifiers
- about / Introduction
- time series data points
- using, with scatter chart / Using time series data points with a scatter chart
- top-referring websites
- identifying / Identifying the top-referring websites, How to do it…
- top 10 referring websites
- searching, with stats command / Searching for the top 10 using stats instead of top
- top error codes
- pivot charting / Pivot charting top error codes, How to do it…
- top viewed products
- listing / Listing the top viewed products, How to do it…, There's more…
- percentage of cart additions, searching / Searching for the percentage of cart additions from product views
- total sales transactions
- pivoting / Pivoting total sales transactions, How to do it…, How it works…
- transaction command
- about / How it works…
- transactions
- identifying / Introduction
- grouping / Introduction
- URL / Defining maximum pause, span, and events in a transaction
- trigger
- conditions / Introduction
U
- UF software
- URL / Getting ready
- Universal Forwarder
- used, for gathering data / Using the Universal Forwarder to gather data, How to do it…, How it works…
- receiving indexer, adding via outputs.conf / Add the receiving indexer via outputs.conf
- Universal Forwarder (UF) / Indexing the Windows event logs
V
- value
- coloring, ranges based / Coloring the value based on ranges
- trends, adding / Adding trends and sparklines to the values
- sparklines, adding / Adding trends and sparklines to the values
- views
- timechart, creating / Creating a timechart of method requests, views, and response times, How to do it…, How it works…
- by host / Method requests, views, and response times by host
- visitors
- displaying / Displaying the unique number of visitors, How to do it…, There's more…
- geographical map, displaying / Displaying a geographical map of visitors, How to do it…, How it works…
- visualizations
- about / Introduction
- used, for enriching data / Introduction
- URL / Introduction
- best practices / Introduction
W
- web activity
- searching, by creating form / Creating a form for searching web activity, How to do it…, How it works…
- web browser data
- searching, for most used OS types / Searching for the web browser data for the most used OS types
- web framework
- about / Introduction
- Web Framework Toolkit app
- URL / Introduction
- web hits
- force-directed graph (FDG), adding / Adding a force-directed graph of web hits, How to do it..., How it works...
- web page response codes
- charting / Charting web page response codes, How to do it…, How it works…
- error events, totaling / Totaling success and error web page response codes
- success events, totaling / Totaling success and error web page response codes
- web page response time statistics
- displaying / Displaying web page response time statistics, How to do it…, There's more…
- displaying, by action / Displaying web page response time by action
- web pages
- activity reports, linking to forms / Linking web page activity reports to the form, How to do it…, How it works…
- slowest responding web pages, pivoting / Pivoting slowest responding web pages, How to do it…, How it works…
- web requests
- relationship, analyzing / Analyzing the relationship of web requests, How to do it…
- DB actions relationships, to memory utilization / Analyzing relationships of DB actions to memory utilization
- website
- average session time, calculating / Calculating the average session time on a website, How to do it…, How it works…, There's more…
- checkout, ending with / Starts with a website visit, ends with a checkout
- visit, starting with / Starts with a website visit, ends with a checkout
- maximum pause, defining in transaction / Defining maximum pause, span, and events in a transaction
- span, defining in transaction / Defining maximum pause, span, and events in a transaction
- events, defining in transaction / Defining maximum pause, span, and events in a transaction
- website traffic volumes
- predicting / Predicting website traffic volumes, Getting ready, How to do it…, There's more…
- number of items purchased, predicting / Predicting the total number of items purchased
- function calls, average response time predicting / Predicting the average response time of function calls
- wget / Getting ready, Getting ready
- Windows event logs
- indexing / Indexing the Windows event logs
- workflow actions
- about / Introduction
- limiting, by adding event types / Limiting workflow actions by event types
- workflows
- about / Introduction