To sort the events returned by the search command in chronological order.

To show peaks and/or valleys in the timeline, which can indicate spikes in activity or downtime.

To zoom in and zoom out, although this does not change the scale of the chart.

To differentiate between structured and unstructured events in the data.

Schedule the Job to re-run in 10 minutes.

Add the Job results to a dashboard.

Export the result to CSV format.

Change Job Lifetime from 10 minutes to 7 days.

| lookup products.csv

| lookup_definition products.csv

inputlookup products.csv

| inputlookup products.csv

Only users with an Admin or Power User role can access other users’ reports.

Anyone can access any reports marked as public within a shared Splunk deployment.

The owner of the report can edit permissions from the Edit dropdown.

The owner of the report must clone the original report and save it to their user account.

To sort field values in descending order.

To find the least common values of a field in a dataset.

To find the fields with the fewest number of values across a dataset.

To return only fields containing five of fewer values.

Splunk will re-run the search job in Verbose Mode to prioritize the new Selected Field.

Custom selections will replace the Interesting Fields that Splunk populated into the list at search time.

Splunk will highlight related fields as a suggestion to add them to the Selected Fields list.

The selected field and its corresponding values will appear underneath the events in the search results.

Forwarders

Knowledge Objects

Indexer

Index

Deployment Server

Search Head

Splunk is a software platform to search, analyze and visualize the machine-generated data.

Cloud based application that help in analyzing logs.

Security Information and Event Management (SIEM).

Database management tool.