Contents
1 *Splunk 9: Optimizing Fields, Tags, and Event Types - Course Overview
2 Understanding Splunk Knowledge
2.2 Understanding Splunk Knowledge
2.3 The Splunk Search Operations
2.4 Optimizing Knowledge Objects
2.5 Managing Knowledge Objects
3.3 Using Calculated Fields in Splunk
3.4 Creating Calculated Fields in Splunk
3.5 Introducing the Field Extraction Process
3.6 Working with the Field Extractor in Splunk
4.1 Introducing Tags and Event Types
4.4 Using Event Types in Splunk
4.5 Creating Event Types in Splunk – Demo
5.2 Creating and Using Splunk Lookups
5.3 Detailing Splunk Scripted Lookups
5.4 Creating and Using Scripted Lookups (External Lookup)
5.5 Understanding Geospatial Lookups
5.6 Configuring Splunk for Geo Lookups
6.1 Understanding Splunk Macros
6.2 Creating and Using Simple Macros
6.3 Configuring Macros with Variables and Arguments
6.4 Reviewing Splunk Knowledge Objects
6.5 Searching Efficiently Using Knowledge Objects
6.6 Wrapping up Splunk Knowledge Optimization
*Splunk 9: Optimizing Fields, Tags, and Event Types - Course Overview
Understanding Splunk Knowledge
Let’s Talk About Splunk!
Understanding Splunk Knowledge
During searches – knowledge is created at index time or at search time
etc.
The Splunk Search Operations
Optimizing Knowledge Objects
Managing Knowledge Objects
Settings – All configurations
Splunk Data Enrichment
*Customizing Splunk Fields
Watch one more time
Managing Splunk Fields
Creating Fields in Splunk
Naming conventions to be standardized
Using Calculated Fields in Splunk
How can we get all calculated fields?
Creating Calculated Fields in Splunk
Introducing the Field Extraction Process
Inline – using regex or delimiter
Settings > Fields > Field Extractions
Splunk_TA_Windows ???
Working with the Field Extractor in Splunk
Open Field Extractor >
Using Tags and Event Types
Introducing Tags and Event Types
Using Tags in Splunk
Settings > Tags > Add New
Or Add Tags from Search Results
Event types if we collect more data every day
Creating Tags in Splunk
Settings > Tag > List by Tag Name > New Tag
Using Event Types in Splunk
Automatically find event types for a given index
???
Creating Event Types in Splunk – Demo
Settings > EventTypes
A combination of items that we can see in the search string
Add New
First write the search string and check it in Search, then use it in the Event Types definition to narrow down
Enriching Splunk Knowledge
Exploring Splunk Lookups
Creating and Using Splunk Lookups
Settings > Lookups
Add Lookup file
Define the lookup definition – be familiar with the Type
??? how to delete the uploaded file with index
??? Search – if we add more conditions the search will be faster
Detailing Splunk Scripted Lookups
Creating and Using Scripted Lookups (External Lookup)
Check external_lookup.py
Understanding Geospatial Lookups
Configuring Splunk for Geo Lookups
| inputlookup geo_countries
| inputlookup geo_us_states
Settings > Lookups > GeoIP lookups file
Get the file from https://www.maxmind.com/en/home - we can create account to use their database
Upload the required file in Splunk
Utilizing Search Macros
Understanding Splunk Macros
Creating and Using Simple Macros
Settings > Advanced search > Search Macro >
Macro names are surrounded by backticks (`)
To see macro definition in search itself > CTRL+SHIFT+E
CLI
Configuring Macros with Variables and Arguments
Settings > Advanced Search > Search Macros > Add New
Reviewing Splunk Knowledge Objects
Searching Efficiently Using Knowledge Objects
Not completed with understanding
Creating a new macro
Wrapping up Splunk Knowledge Optimization