Exploring Splunk: Search Processing Language (SPL) Primer and Cookbook
Splunk is probably the single most powerful tool for searching and exploring data you will ever encounter. Exploring Splunk provides an introduction to Splunk: a basic understanding of Splunk's most important parts, combined with solutions to real-world problems.
Part I: Exploring Splunk
Chapter 1 tells you what Splunk is and how it can help you.
Chapter 2 discusses how to download Splunk and get started.
Chapter 3 discusses the search user interface and searching with Splunk.
Chapter 4 covers the most commonly used search commands.
Chapter 5 explains how to visualize and enrich your data with knowledge.
Part II: Solution Recipes
Chapter 6 covers the most common monitoring and alerting solutions.
Chapter 7 covers the most common transaction solutions.
Chapter 8 covers the most common lookup table solutions.
About the Author
David Carasso, Splunk's Chief Mind, was the third Splunk employee. He has been responsible for innovating and prototyping a class of hard problems at the Splunk core, including developing the Search Processing Language (SPL), dynamic event and source tagging, automatic field extraction, transaction grouping, event aggregation, and timestamping. He holds two patents for his work with Splunk.