Updated: 2021-08-27 19:43:41
Cover
Title Page
Copyright and Credits
Implementing Splunk 7 Third Edition
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Conventions used
Get in touch
Reviews
The Splunk Interface
Logging in to Splunk
The home app
The top bar
The Search & Reporting app
Data generator
The Summary view
Search
Actions
Timeline
The field picker
Fields
Search results
Options
Events viewer
Using the time picker
Using the field picker
The settings section
Splunk Cloud
Try before you buy
A quick cloud tour
The top bar in Splunk Cloud
Splunk reference app – PAS
Universal forwarder
eventgen
Next steps
Summary
Understanding Search
Using search terms effectively
Boolean and grouping operators
Clicking to modify your search
Event segmentation
Field widgets
Time
Using fields to search
Using wildcards efficiently
Supplementing wildcards in fields
All about time
How Splunk parses time
How Splunk stores time
How Splunk displays time
How time zones are determined and why it matters
Different ways to search against time
Presets
Relative
Real-time
Windowed real-time versus all-time real-time searches
Date range
Date and time range
Advanced
Specifying time in-line in your search
_indextime versus _time
Making searches faster
Sharing results with others
The URL
Save As Report
Save As Dashboard Panel
Save As Alert
Save As Event Type
Searching job settings
Saving searches for reuse
Creating alerts from searches
Enable Actions
Action Options
Sharing
Event annotations
An illustration
Tables, Charts, and Fields
About the pipe symbol
Using top to show common field values
Controlling the output of top
Using stats to aggregate values
Using chart to turn data
Using timechart to show values over time
The timechart options
Working with fields
A regular expression primer
Commands that create fields
eval