
Splunk Series II: Filtering/Formatting Data
Filter and format Splunk data with eval, search, and where commands — calculate field values, apply conditional logic, and clean up report output.
Posts

Splunk Fundamentals 2 topics — transforming commands, transactions, knowledge objects, field aliases, tags, macros, data models, and the CIM.

Splunk knowledge objects explained — field extractions, event types, lookups, workflow actions, tags, and data models for sharing reusable assets.

Splunk visualization types — line charts, bubble charts, cluster maps, choropleth maps, single-value panels — turning search results into dashboards.

Get started with Splunk basic search — using the search assistant, pipes, commands, and reading results in the SPL editor to query indexed data fast.

Splunk core components — Indexer, Search Head, and Forwarders — and how each role processes machine data, runs searches, and delivers results.

How Splunk ingests data — input, parsing, and indexing phases — plus supported sources: files, network data, scripts, Windows logs, and HTTP events.

Run Splunk field searches using key/value pairs, AND/OR/NOT operators, meta fields, and the Selected vs Interesting Fields sidebar to narrow results.

What Splunk does and the data sources it ingests — logs, configs, network devices, scripts — so security and ops teams can analyze machine data.

Save and share Splunk search jobs: default 10-minute lifetime, extending to 7 days, scheduling reports, and setting Private vs Everyone permissions.