Splunk

To sort the events returned by the search command in chronological order.

To differentiate between structured and unstructured events in the data.

To zoom in and zoom out, although this does not change the scale of the chart.

To show peaks and/or valleys in the timeline, which can indicate spikes in activity or downtime.

Add the Job results to a dashboard.

Change Job Lifetime from 10 minutes to 7 days.

Schedule the Job to re-run in 10 minutes.

Export the result to CSV format.

| lookup products.csv

inputlookup products.csv

| inputlookup products.csv

| lookup_definition products.csv

The owner of the report must clone the original report and save it to their user account.

Only users with an Admin or Power User role can access other users’ reports.

The owner of the report can edit permissions from the Edit dropdown.

Anyone can access any reports marked as public within a shared Splunk deployment.

To sort field values in descending order.

To return only fields containing five of fewer values.

To find the least common values of a field in a dataset.

To find the fields with the fewest number of values across a dataset.

Splunk will re-run the search job in Verbose Mode to prioritize the new Selected Field.

Splunk will highlight related fields as a suggestion to add them to the Selected Fields list.

The selected field and its corresponding values will appear underneath the events in the search results.

Custom selections will replace the Interesting Fields that Splunk populated into the list at search time.

Knowledge Objects

Indexer

Search Head

Index

Forwarders

Deployment Server

Splunk is a software platform to search, analyze and visualize the machine-generated data.

Security Information and Event Management (SIEM).

Database management tool.

Cloud based application that help in analyzing logs.