Splunk

A sparkline is a small representation of some statistical information without showing the axes. It generally appears as a line with bumps just to indicate how certain quantity has changed…

Many times, we need to put one chart over another to compare or see the trend of the two charts. Splunk supports this feature through the chart overlay feature available…

Splunk has great visualization features which shows a variety of charts. These charts are created from the results of a search query where appropriate functions are used to give numerical…

In Splunk search, we can design our own events from a dataset based on certain criteria. For example, we search for only the events which have a http status code…

Search macros are reusable blocks of Search Processing Language (SPL) that you can insert into other searches. They are used when you want to use the same search logic on…

Subsearch is a special case of the regular search when the result of a secondary or inner query is the input to the primary or outer query. It is similar…

Splunk knowledge management is about maintenance of knowledge objects for a Splunk Enterprise implementation. Below are the main features of knowledge management − Ensure that knowledge objects are being shared and used…

Scheduling is the process of setting up a trigger to run the report automatically without the user’s intervention. Below are the uses of scheduling a report − By running the…

In the result of a search query, we sometimes get values which may not clearly convey the meaning of the field. For example, we may get a field which lists…

Splunk can ingest different types of data sources and build tables which are similar to relational tables. These are called table dataset or just tables. They provide easy ways to analyse and filter…