Exploring Splunk

SEARCH PROCESSING LANGUAGE (SPL)
PRIMER AND COOKBOOK

Splunk is probably the single most powerful tool for searching and exploring data you will ever encounter. Exploring Splunk provides an introduction to Splunk -- a basic understanding of Splunk's most important parts, combined with solutions to real-world problems.

Part I: Exploring Splunk

  • Chapter 1 tells you what Splunk is and how it can help you.
  • Chapter 2 discusses how to download Splunk and get started.
  • Chapter 3 discusses the search user interface and searching with Splunk.
  • Chapter 4 covers the most commonly used search commands.
  • Chapter 5 explains how to visualize and enrich your data with knowledge.

Part II: Solution Recipes

  • Chapter 6 covers the most common monitoring and alerting solutions.
  • Chapter 7 covers the most common transaction solutions.
  • Chapter 8 covers the most common lookup table solutions.

About the Author

David Carasso, Splunk's Chief Mind, was the third Splunk employee. He has been responsible for innovating and prototyping a class of hard problems at the Splunk core, including developing the Search Processing Language (SPL), dynamic event and source tagging, automatic field extraction, transaction grouping, event aggregation, and timestamping. He holds two patents for his work with Splunk, and lives in Marin County, California, with his wife and three children.

Links Referenced in Exploring Splunk

Chapter | Topic | Description | Link
2 | tutorial | The Splunk Tutorial | docs.splunk.com/Documentation/Splunk/4.2/User/WelcometotheSplunktutorial
2 | add_data | Tutorial: how to add sample data | docs.splunk.com/Documentation/Splunk/4.2/User/Adddatatutorial
2 | sample_data | Tutorial: link to sample data | www.splunk.com/base/images/Tutorial/Sampledata.zip
3 | mining_tips | Mining unfamiliar data | www.innovato.com/splunk/mining.htm
5 | auto_fields | More information on automatic field extraction | docs.splunk.com/Documentation/Splunk/latest/knowledge/Aboutfields#An_example_of_automatic_field_extraction
5 | ifx | More information about the Interactive Field Extractor (IFX) | docs.splunk.com/Documentation/Splunk/4.2/User/InteractiveFieldExtractionExample
5 | config_fields | Manually configuring field extractions | docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managesearch-timefieldextractions
5 | search_fields | Use the search language to extract fields | docs.splunk.com/Documentation/Splunk/4.2/User/ExtractFieldsWithSearchCommands
5 | custom_alerts | Creating custom alert scripts | docs.splunk.com/Documentation/Splunk/4.2/admin/ConfigureScriptedAlerts
6 | concurrency | The concurrency search command | docs.splunk.com/Documentation/Splunk/latest/SearchReference/Concurrency
6 | metadata | The metadata search command | docs.splunk.com/Documentation/Splunk/latest/SearchReference/metadata
6 | streamstats | The streamstats search command | docs.splunk.com/Documentation/Splunk/latest/SearchReference/streamstats
6 | trendline | The trendline search command | docs.splunk.com/Documentation/Splunk/latest/SearchReference/Trendline
8 | autolookup | Configuring automatic Lookups | docs.splunk.com/Documentation/Splunk/4.2/User/CreateAndConfigureFieldLookups
8 | lookuptutorial | Lookup tutorial | docs.splunk.com/Documentation/Splunk/4.2/User/Fieldlookupstutorial
8 | externallookups | Lookup fields from external sources | docs.splunk.com/Documentation/Splunk/latest/Knowledge/Addfieldsfromexternaldatasources
8 | mount | Mounting a knowledge bundle | docs.splunk.com/Documentation/Splunk/latest/Deploy/Mounttheknowledgebundle
8 | distributed | Configuring distributed search | docs.splunk.com/Documentation/Splunk/latest/Deploy/Configuredistributedsearch
8 | subsearch | How subsearches work | doc.splunk.com/Documentation/Splunk/4.2/User/HowSubsearchesWork
8 | field_lookup | Create and configure field lookups | docs.splunk.com/Documentation/Splunk/4.2/User/CreateAndConfigureFieldLookups
8 | transform | Transforms configuration | docs.splunk.com/Documentation/Splunk/latest/Admin/Transformsconf

Recommended Links

Description | Link
Splunk download page | splunk.com/download
Splunk docs | docs.splunk.com
Splunk community | splunkbase.com
Unofficial Splunk docs | innovato.com
Training videos | splunk.com/view/SP-CAAAGB6
Splunk videos | splunk.com/videos
Splunk blogs | blogs.splunk.com
Splunk TV | splunk.tv