Splunk – Managing Indexes
Indexing is a mechanism to speed up the search process by giving numeric addresses to the piece of data being searched. Splunk indexing is similar to the concept of indexing…
A sparkline is a small representation of some statistical information without showing the axes. It generally appears as a line with bumps just to indicate how a certain quantity has changed…
Many times, we need to put one chart over another to compare or see the trend of the two charts. Splunk supports this feature through the chart overlay feature available…
Splunk has great visualization features which show a variety of charts. These charts are created from the results of a search query where appropriate functions are used to give numerical…
In Splunk search, we can design our own events from a dataset based on certain criteria. For example, we search for only the events which have an HTTP status code…
Search macros are reusable blocks of Search Processing Language (SPL) that you can insert into other searches. They are used when you want to use the same search logic on…
Subsearch is a special case of the regular search when the result of a secondary or inner query is the input to the primary or outer query. It is similar…
Splunk knowledge management is about maintenance of knowledge objects for a Splunk Enterprise implementation. Below are the main features of knowledge management − Ensure that knowledge objects are being shared and used…
Scheduling is the process of setting up a trigger to run the report automatically without the user’s intervention. Below are the uses of scheduling a report − By running the…
In the result of a search query, we sometimes get values which may not clearly convey the meaning of the field. For example, we may get a field which lists…