Splunk Ninja – Fields of Dreams

I spend a great deal of time using, learning and demonstrating Splunk, and recently I had some questions from users on “what can I do with fields?”, “how do i make them?”, “how do I tweak them?”. That inspired me to publish a new Splunk Ninja episode known as “Fields of Dreams”.

In this episode, Splunk Ninja gives an all out tour of “fields” in Splunk 4.0, how they work, how to use them, some tips and tricks as well.

The ability for Splunk to handle multiple data formats all in a single search index and do “search time field extraction” is unique to the marketplace.

Additionally, you’ll see me take fields and use them to assemble a transaction with Cisco PIX firewall logs. I use the “| transaction” search command to link and calculate the duration of outbound TCP connections.

Comments, suggestions, or new Splunk Ninja video ideas welcome!

Note: Often in blogs, this one, and on my site http://splunkninja.com the “fullscreen toggle” buttons don’t work properly on videos that are embedded. I shoot all of mine in 1280×720 (720p) resolution. If you would like to go directly to the episode so you can watch it in fullscreen or even download it, go here:

Splunk Ninja – Fields of Dreams

Tags: splunkninja, splunk, fields, transaction, video, ifx

----------------------------------------------------
Thanks!
Michael Wilde