Splunk - Field Searching
Date: 2024-11-05


When Splunk reads the uploaded machine data, it interprets the data and divides it into many fields, each of which represents a single logical fact about the data record.

For example, a single record may contain the server name, the timestamp of the event, the type of event being logged (such as a login attempt or an HTTP response), and so on. Even for unstructured data, Splunk tries to divide the record into key-value pairs or to separate values by data type, such as numeric and string.

Continuing with the data uploaded in the previous chapter, we can see the fields from the secure.log file by clicking on the show fields link, which opens the following screen. Here we can see the fields Splunk has generated from this log file.

[Screenshot: Field Search]

Choosing the Fields

We can choose which fields are displayed by selecting or unselecting them from the list of all fields. Clicking on all fields opens a window showing the list of all the fields. Some of these fields have check marks against them, showing they are already selected. We use the check boxes to choose the fields to display.

Besides the name of each field, the window shows the number of distinct values the field has, its data type, and the percentage of events in which the field is present.

[Screenshot: Field Search]

Field Summary

Very detailed statistics for every selected field become available by clicking on the name of the field. They show all the distinct values of the field, their counts and their percentages.

[Screenshot: Field Search]

Using Fields in Search

Field names can also be typed into the search box together with the specific values to search for. In the example below, we aim to find all the records for the date 15th Oct on the host named mailsecure_log. We get the results for that specific date only.

[Screenshot: Field Search]
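As an added example (not part of the original tutorial, and not Splunk's own extraction logic), the Python below mimics what this chapter describes on a few constructed secure.log-style lines: auto-extracting fields from each record, building the per-field summary (distinct values, their counts and percentages, and the share of events in which the field appears), and filtering by field=value the way the search box does. The field names, regular expressions and sample lines are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the style of a Linux secure.log (not taken from the page).
SAMPLE_LOG = """\
Oct 15 08:01:12 mailsecure_log sshd[2201]: Failed password for admin from 10.0.0.5 port 4422 ssh2
Oct 15 08:02:45 mailsecure_log sshd[2210]: Accepted password for bob from 10.0.0.9 port 5120 ssh2
Oct 16 09:15:01 webhost01 sshd[3301]: Failed password for root from 10.0.0.7 port 6001 ssh2
Oct 15 09:17:30 webhost01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; COMMAND=/bin/ls
"""

# Assumed syslog layout: "Mon DD HH:MM:SS host process[pid]: message".
# Splunk's real extraction rules are more elaborate; this is a stand-in.
HEADER_RE = re.compile(
    r"^(?P<date_month>\w{3}) +(?P<date_mday>\d+) (?P<time>[\d:]+) (?P<host>\S+) "
    r"(?P<process>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?: (?P<message>.*)$")
KV_RE = re.compile(r"\b(\w+)=(\S+)")                  # key=value pairs such as TTY=pts/0
SRC_RE = re.compile(r"\bfrom (\d+\.\d+\.\d+\.\d+)\b")  # source address in sshd lines


def extract_fields(line):
    """Turn one raw line into a dict of field -> value, like Splunk's auto extraction."""
    m = HEADER_RE.match(line)
    if not m:
        return {"_raw": line}
    fields = {k: v for k, v in m.groupdict().items() if v is not None}
    fields.update(KV_RE.findall(fields["message"]))   # key=value pairs in the message
    src = SRC_RE.search(fields["message"])
    if src:
        fields["src_ip"] = src.group(1)
    fields["_raw"] = line
    return fields


def parse_log(text):
    """One event dict per non-empty line."""
    return [extract_fields(ln) for ln in text.splitlines() if ln.strip()]


def field_summary(events, field):
    """Distinct values with (count, percent), plus the share of events carrying the field."""
    values = Counter(e[field] for e in events if field in e)
    present = sum(values.values())
    coverage = round(100.0 * present / len(events), 1) if events else 0.0
    detail = {v: (n, round(100.0 * n / present, 1)) for v, n in values.items()}
    return len(values), coverage, detail


def search(events, **criteria):
    """Equivalent of typing host=mailsecure_log date_mday=15 into the search box."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]
```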