
Book information
· Category : Foreign books > Economics & Business > Industry > Computers
· ISBN : 9781484262757
· Pages : 268
· Publication date : 2020-11-24
Table of contents
1. The Search Engine for IT - Introducing Splunk Platform and SPL
Goal: This chapter will explain what Splunk Platform is and how it can help organizations. It introduces SPL and helps the user run their first SPL query.
a. The problem with Logs
b. Architecture of Splunk Platform
c. Use Cases
d. Introduction to SPL
e. Navigating the Splunk Web Search interface
f. Writing your first SPL query
2. Calculating statistics
Goal: This chapter will cover everything the user has to know about generating statistics. Through many examples, this chapter will walk the user through various options of stats and other reporting commands.
a. Using stats
b. Using Eval
c. Using top and rare
d. Lesser known commands
e. Producing visualizations
3. Using Time and time related operations
Goal: This chapter will introduce how Splunk handles time and walk through the timechart command. It will also cover various ways to manipulate time in Splunk.
a. How Splunk determines Event Time
b. Using Timechart command
c. Time related commands
d. Compare metrics from different timeframes in the same chart
4. Grouping and Correlating
Goal: This chapter will introduce how to group and correlate events in Splunk. It will provide examples to explain when a certain command is useful and when it is not.
a. Grouping events using transaction
b. Using Join
c. When to use transaction command (and when not to)
5. Working with Fields
Goal: This chapter will cover field extraction and manipulation in Splunk. It will explain the all-important “rex” command in detail.
a. Fields in Splunk
b. Extracting fields using rex
c. Using fields command
d. Filtering, sorting and deduping results
6. Using Lookups
Goal: This chapter will cover how to use the lookup feature of Splunk. It will walk the user through how to add an external CSV file to Splunk and use SPL to manipulate it.
a. Adding an external CSV file as a lookup table
b. Using the lookup command
c. Using the outputlookup command
d. Configuring automatic lookup
7. Advanced SPL commands
Goal: This chapter will cover advanced commands such as predict and outlier. It will also cover miscellaneous commands such as geostats.
a. How to remove outliers from search results
b. Predicting future values
c. Geo mapping using SPL
d. Using Cluster command to find patterns
8. Less common yet impactful SPL commands
Goal: This chapter will cover miscellaneous commands that are not very popular but are very powerful in certain scenarios.
a. Using tstats command to speed up statistical calculations
b. Using fillnull and their variants
c. Handling multiple valued fields
d. Extracting fields from structured data
e. Using the bin command to partition data
f. Using erex command to help with regex
g. Using the untable command
h. Using the xyseries command
9. Using the Job Inspector to analyze SPL performance
Goal: This chapter will introduce Splunk Job Inspector to analyze the performance of SPL queries. This chapter will also provide tips on optimizing SPL Queries.
a. Optimizing SPL
b. Analyzing performance of Job using Job Inspector
c. Tips for improving Dashboard load times