Implementing Splunk 7, Third Edition

Effective operational intelligence to transform machine-generated data into valuable business insight

Product type Paperback
Published in Mar 2018
Publisher Packt
ISBN-13 9781788836289
Length 576 pages
Edition 3rd Edition

Table of Contents (19 chapters)

  • Title Page
  • Packt Upsell
  • Contributors
  • Preface
  • 1. The Splunk Interface
  • 2. Understanding Search
  • 3. Tables, Charts, and Fields
  • 4. Data Models and Pivots
  • 5. Simple XML Dashboards
  • 6. Advanced Search Examples
  • 7. Extending Search
  • 8. Working with Apps
  • 9. Building Advanced Dashboards
  • 10. Summary Indexes and CSV Files
  • 11. Configuring Splunk
  • 12. Advanced Deployments
  • 13. Extending Splunk
  • 14. Machine Learning Toolkit
  • Index

Index

A

  • acceleration
    • about / Acceleration in version 7.0, Acceleration
    • big data / Big data – summary strategy
    • reporting / Report acceleration
    • availability, reporting / Report acceleration availability
  • addterm / addterm
  • advanced XML
    • using / Reasons for working with advanced XML
    • avoiding / Reasons for not working with advanced XML
    • structure / Advanced XML structure
    • simple XML, converting to / Converting simple XML to advanced XML
  • alerts
    • creating, from search / Creating alerts from searches
    • actions, enabling / Enable Actions
    • action options / Action Options
    • sharing / Sharing
  • all-time real-time searches
    • versus windowed real-time searches / Windowed real-time versus all-time real-time searches
  • apps
    • defining / Defining an app
    • purposes / Defining an app
    • installing / Installing apps
    • installing, from Splunkbase / Installing apps from Splunkbase
    • Geo Location Lookup Script, using / Using Geo Location Lookup Script
    • Google Maps, using / Using Google Maps
    • installing, from file / Installing apps from a file
    • custom app, building / Building your first app
    • directory structure / App directory structure
    • configuration, organizing / Using apps to organize configuration
  • appserver resources
    • about / Appserver resources
    • static directory / Appserver resources
    • event_renderers / Appserver resources
    • templates / Appserver resources
    • modules / Appserver resources
  • attribute / The structure of a Splunk configuration file
  • authentication
    • with LDAP / Using LDAP for authentication
  • authorize.conf / authorize.conf
  • authorize.conf, settings
    • importRoles / authorize.conf
    • schedule_search / authorize.conf
    • rtsearch / authorize.conf
    • srchIndexesAllowed / authorize.conf
    • srchIndexesDefault / authorize.conf
    • srchDiskQuota / authorize.conf
    • srchJobsQuota / authorize.conf
    • rtSrchJobsQuota / authorize.conf
  • automatic lookup
    • defining / Defining an automatic lookup
  • Autorun dashboard / Autorun dashboard
  • average events
    • calculating, per minute / Calculating average events per minute, per hour
    • calculating, per hour / Calculating average events per minute, per hour
  • average requests per minute
    • calculating / Calculating average requests per minute

B

  • btool
    • using / Using btool
  • bucket
    • life cycle / The life cycle of a bucket

C

  • chart, format options
    • General / Using chart to turn data
    • X-Axis / Using chart to turn data
    • Y-Axis / Using chart to turn data
    • Chart Overlay / Using chart to turn data
    • Legend / Using chart to turn data
  • chart command
    • used, for turning data / Using chart to turn data
  • chart configuration
    • reference / Chart enhancements in version 7.0
  • chart enhancements
    • in version 7.0 / Chart enhancements in version 7.0
    • charting.lineWidth / charting.lineWidth
    • charting.data.fieldHideList / charting.data.fieldHideList
    • charting.legend.mode / charting.legend.mode
    • charting.fieldDashStyles / charting.fieldDashStyles
    • charting.axis Y.abbreviation / charting.axis Y.abbreviation
  • chart styles
    • reference / The timechart options
  • Classless Inter-Domain Routing (CIDR) / CIDR wildcard lookups
  • clicks
    • search, modifying / Clicking to modify your search
    • event segmentation / Event segmentation
    • field widgets / Field widgets
    • on time / Time
  • collect
    • used, for producing custom summary indexes / Using collect to produce custom summary indexes
  • collectId / Using Splunk metrics
  • command-line interface (CLI) / Logging in to Splunk
  • command line
    • Splunk, using / Using Splunk from the command line
  • commands
    • writing / Writing commands, When to write a command
    • avoiding / When not to write a command
    • configuring / Configuring commands
    • fields, adding / Adding fields
    • data, manipulating / Manipulating data
    • data, transforming / Transforming data
    • data, generating / Generating data
  • commands.conf / commands.conf
  • comma separated values (CSV) / Using lookups to enrich data
  • concurrency
    • determining / Determining concurrency
    • transaction, used / Using transaction with concurrency
    • used, to estimate server load / Using concurrency to estimate server load
    • calculating, with by clause / Calculating concurrency with a by clause
  • configuration
    • organizing, with apps / Using apps to organize configuration
    • separating, by purpose / Separate configurations by purpose
  • configuration apps
    • inputs-sometype / Separate configurations by purpose
    • props-sometype / Separate configurations by purpose
    • outputs-datacenter / Separate configurations by purpose
    • indexerbase / Separate configurations by purpose
  • configuration distribution
    • about / Configuration distribution
    • custom deployment system, using / Using your own deployment system
    • Splunk deployment server, using / Using the Splunk deployment server
  • configuration file
    • locating / Locating Splunk configuration files
    • directories / Locating Splunk configuration files
    • structure / The structure of a Splunk configuration file
  • configuration merging logic
    • about / The configuration merging logic, The configuration merging logic
    • merging order / The merging order
    • example / Configuration merging – example 1, Configuration merging – example 2, Configuration merging – example 3, Configuration merging – example 4, search
    • btool, using / Using btool
  • content recommendation engines / Content recommendation engines
  • context macro
    • building / Building the context macro
  • context workflow action
    • building / Building the context workflow action
  • crcSalt
    • using / When to use crcSalt
    • about / When to use crcSalt
  • CSV files
    • used, for storing transient data / Using CSV files to store transient data
    • dropdown, pre-populating / Pre-populating a dropdown
    • running calculation, creating / Creating a running calculation for a day
  • custom app
    • building / Building your first app
    • customizing / Customizing the appearance of your app
    • launcher icon, customizing / Customizing the launcher icon
    • custom CSS, using / Using custom CSS
    • custom HTML, using / Using custom HTML
    • adding, to Splunkbase / Adding your app to Splunkbase
    • preparing / Preparing your app
    • sharing settings, confirming / Confirming sharing settings
    • directories, cleaning up / Cleaning up our directories
    • packaging / Packaging your app
    • uploading / Uploading your app
  • custom CSS
    • using / Using custom CSS
  • custom deployment system
    • using / Using your own deployment system
  • custom drilldown
    • creating / Creating a custom drilldown
    • building, to custom query / Building a drilldown to a custom query
    • building, to another panel / Building a drilldown to another panel
    • building, to multiple panels with HiddenPostProcess / Building a drilldown to multiple panels using HiddenPostProcess
  • custom HTML
    • using / Using custom HTML
    • using, in dashboard / Custom HTML in a simple dashboard
    • server-side, using in complex dashboard / Using server-side include in a complex dashboard
  • custom index type / Definition of a Splunk metric
  • custom search commands / Extended SPL (search processing language)
  • custom summary indexes
    • producing, with collect / Using collect to produce custom summary indexes

D

  • dashboards
    • purpose / The purpose of dashboards
    • building, with wizards / Using wizards to build dashboards
    • panel, adding / Adding another panel
    • panel, rearranging / A cool trick
    • panel, modifying / A cool trick
    • panel, converting to report / Converting the panel to a report
    • prebuilt panel, converting / More options
    • menu / Back to the dashboard
    • input, adding / Add input
    • source, editing / Editing source
    • user interface, editing / Edit UI
    • form, creating / Creating a form from a dashboard
    • generation, scheduling / Scheduling the generation of dashboards
    • development process / Development process
  • data model
    • about / What is a data model?
    • search, generating / What does a data model search?
    • objects / Data model objects
    • creating / Creating a data model
    • dialog, filling / Filling in the new data model dialog
    • fields (attributes), editing / Editing fields (attributes)
  • data sources
    • about / Common data sources
    • logs, monitoring on servers / Monitoring logs on servers
    • logs, monitoring on shared drive / Monitoring logs on a shared drive
    • logs, consuming in batch / Consuming logs in batch
    • syslog events, receiving / Receiving syslog events
    • logs, consuming from database / Consuming logs from a database
    • scripts, used for gathering data / Using scripts to gather data
  • deep learning / What is machine learning?
  • directory structure, apps
    • about / App directory structure
    • appserver / App directory structure
    • bin / App directory structure
    • default and local / App directory structure
    • lookups / App directory structure
    • metadata / App directory structure
    • custom app, adding to Splunkbase / Adding your app to Splunkbase
  • distinct count (dc) / Using sistats, sitop, and sitimechart

E

  • eval command
    • used, for creating fields / eval
    • grouping fields, defining / Using eval and rex to define grouping fields
  • event annotations
    • about / Event annotations
    • illustration / An illustration
  • eventgen / eventgen
  • event renderer
    • writing / Writing an event renderer
    • specific fields, using / Using specific fields
    • table of fields, creating based on field value / A table of fields based on field value
    • XML, printing / Pretty printing XML
  • events
    • calculating, per time / Calculating events per slice of time
  • event types
    • using, to categorize results / Using event types to categorize results
    • search / Using event types to categorize results
    • categorization / Using event types to categorize results
    • tagging / Using event types to categorize results
    • used, for grouping results / Using event types to group results
  • Explore Splunk Enterprise pane
    • Product Tours / The home app
    • Add Data / The home app
    • Splunk Apps / The home app
    • Splunk Docs / The home app
  • extended SPL (search processing language) / Extended SPL (search processing language)
  • external commands
    • using / Using external commands
  • extracted field
    • versus indexed field / Indexed fields versus extracted fields
  • extract fields interface
    • using / Using the extract fields interface
    • field, prototyping with rex command / Using rex to prototype a field
    • field, building with admin interface / Using the admin interface to build a field
    • indexed fields, versus extracted fields / Indexed fields versus extracted fields

F

  • field picker
    • about / The field picker
    • fields / Fields
    • using / Using the field picker
  • fields
    • extract fields interface, using / Conventions used, Using the extract fields interface
    • used, for searching / Using fields to search
    • field picker, using / Using the field picker
    • wildcards, supplementing / Supplementing wildcards in fields
    • working with / Working with fields
    • regular expression / A regular expression primer
    • creating, with commands / Commands that create fields
    • creating, with eval command / eval
    • creating, with rex command / rex
    • loglevel, extracting / Extracting loglevel
  • fields.conf / fields.conf
  • file
    • apps, installing / Installing apps from a file
  • fill_summary_index.py
    • used, for backfill / Using fill_summary_index.py to backfill
  • filter elements, pivot
    • time / Filtering pivots
    • match / Filtering pivots
    • limit / Filtering pivots
  • form
    • building / Building forms
    • creating, from dashboard / Creating a form from a dashboard
    • multiple panels, driving / Driving multiple panels from one form
    • search results, post-processing / Post-processing search results
    • limitations, post-processing / Post-processing limitations
  • forwarder process
    • advantages / Monitoring logs on servers
    • disadvantages / Monitoring logs on servers

G

  • Geo Location Lookup Script
    • installing / Installing apps from Splunkbase
    • using / Using Geo Location Lookup Script
  • Google
    • used, to generate results / Using Google to generate results
  • Google Maps
    • using / Using Google Maps
    • about / Google Maps

H

  • HiddenPostProcess
    • custom drilldown, building to multiple panels / Building a drilldown to multiple panels using HiddenPostProcess
  • home app / The home app
  • HTTP event collector (HEC) / Splunk Cloud
  • Hunk
    • about / Hunk
    • features / Hunk
    • reference / Hunk

I

  • index
    • about / Working with multiple indexes
    • multiple indexes, handling / Working with multiple indexes
    • directory structure / Directory structure of an index
    • multiple indexes, creating / When to create more indexes
    • sizing / Sizing an index
  • indexed field
    • versus extracted field / Indexed fields versus extracted fields
    • advantages / Indexed fields versus extracted fields
    • disadvantages / Indexed fields versus extracted fields
    • common term, searching / Indexed field case 1 - rare instances of a common term
    • words, splitting / Indexed field case 2 - splitting words
    • application, from source / Indexed field case 3 - application from source
    • slow requests, handling / Indexed field case 4 - slow requests
    • unneeded work / Indexed field case 5 - unneeded work
  • indexed fields, transforms.conf
    • creating / Creating indexed fields
    • loglevel field, creating / Creating a loglevel field
    • session field, creating from source / Creating a session field from the source
    • tag field, creating / Creating a tag field
    • host categorization fields, creating / Creating host categorization fields
  • indexer
    • sizing / Sizing indexers
    • load balancing / Indexer load balancing
  • indexes.conf / indexes.conf
  • indextime search app
    • URL / How latency affects summary queries
  • inputs.conf
    • about / inputs.conf
    • attributes / Common input attributes
    • file, as inputs / Files as inputs
    • rolled logs, selecting with patterns / Using patterns to select rolled logs
    • whitelist, using / Using blacklist and whitelist
    • blacklist, using / Using blacklist and whitelist
    • files, selecting recursively / Selecting files recursively
    • symbolic links, following / Following symbolic links
    • host value, setting from source / Setting the value of the host from the source
    • old data, ignoring at installation / Ignoring old data at installation
    • crcSalt, using / When to use crcSalt
    • files, indexing / Destructively indexing files
    • network inputs / Network inputs
    • native Windows inputs / Native Windows inputs
    • scripts, as inputs / Scripts as inputs
  • inputs.conf, attributes
    • host / Common input attributes
    • source / Common input attributes
    • sourcetype / Common input attributes
    • index / Common input attributes
  • inputs.conf, TCP and UDP inputs
    • source attribute / Network inputs
    • sourcetype attribute / Network inputs
    • connection_host attribute / Network inputs
    • queueSize attribute / Network inputs
    • persistentQueueSize attribute / Network inputs
  • installation
    • planning / Planning your installation
  • intentions
    • using / Using intentions
    • stringreplace / stringreplace
    • addterm / addterm
  • Internet Small Computer System Interface (iSCSI) / Splunk indexer
  • IOPS (input/output operations per second) / Sizing indexers

J

  • JavaScript Object Notation (JSON) / Actions

L

  • latency
    • affecting, on summary queries / How latency affects summary queries
  • Launcher app / The home app
  • launcher icon
    • customizing / Customizing the launcher icon
  • layoutPanel
    • about / Understanding layoutPanel
    • placement / Panel placement
  • Lightweight Directory Access Protocol (LDAP)
    • about / Logging in to Splunk
    • used, for authentication / Using LDAP for authentication
    • enabling / Using LDAP for authentication
    • reference / Using LDAP for authentication
  • load balancers
    • about / Load balancers and Splunk
    • web / web
    • splunktcp / splunktcp
    • deployment server / deployment server
  • logic
    • reusing, macro used / Using macros to reuse logic
  • logs
    • monitoring, on servers / Monitoring logs on servers
    • monitoring, on shared drive / Monitoring logs on a shared drive
    • consuming, in batch / Consuming logs in batch
  • lookup attributes
    • about / Lookup attributes
    • configuring / Lookup attributes
    • children, adding / Children
  • lookups
    • used, to enrich data / Using lookups to enrich data
    • lookup table file, defining / Defining a lookup table file
    • lookup definition, defining / Defining a lookup definition
    • automatic lookup, defining / Defining an automatic lookup
    • troubleshooting / Troubleshooting lookups
    • using, with wildcards / Using a lookup with wildcards
  • lookups, transforms.conf
    • defining / Lookup definitions
    • wildcard lookups / Wildcard lookups
    • CIDR wildcard lookups / CIDR wildcard lookups
    • time, using / Using time in lookups

M

  • machine learning
    • about / What is machine learning?
    • content recommendation engines / Content recommendation engines
    • natural language processing (NLP) / Natural language processing
    • operational intelligence / Operational intelligence
  • macro
    • used, to reuse logic / Using macros to reuse logic
    • creating / Creating a simple macro
    • creating, with arguments / Creating a macro with arguments
  • mako templates
    • URL / Writing an event renderer
  • merging order
    • about / The merging order
    • outside of search / The merging order outside of search
    • when searching / The merging order when searching
  • metadata
    • about / Metadata
    • default.meta file / Metadata
    • local.meta file / Metadata
    • files, properties / Metadata
  • metadata fields, transforms.conf
    • modifying / Modifying metadata fields
    • host, overriding / Overriding the host
    • source, overriding / Overriding the source
    • sourcetype, overriding / Overriding sourcetype
    • events, routing to different index / Routing events to a different index
  • metrics
    • version 7.0 advancements / Version 7.0 advancements in metrics
  • metrics index
    • creating / Creating a metrics index
  • ML-SPL commands
    • about / Extended SPL (search processing language)
    • fit / Extended SPL (search processing language)
    • apply / Extended SPL (search processing language)
    • summary / Extended SPL (search processing language)
    • listmodels / Extended SPL (search processing language)
    • deletemodel / Extended SPL (search processing language)
    • sample / Extended SPL (search processing language)
  • ML-SPL performance app
    • about / ML-SPL performance app
    • URL / ML-SPL performance app
  • ML model
    • building / Building a model
    • time series, forecasting / Time series forecasting
    • Splunk, using / Using Splunk
    • toolkit, launching / Launching the toolkit
  • model / What is machine learning?
  • modules
    • logic flow / Module logic flow
    • ExtendedFieldSearch / Module logic flow
    • TimeRangePicker / Module logic flow
    • SubmitButton / Module logic flow
    • HiddenSearch / Module logic flow
    • ViewstateAdapter / Module logic flow
    • HiddenFieldPicker / Module logic flow
    • JobProgressIndicator / Module logic flow
    • EnablePreview / Module logic flow
    • HiddenChartFormatter / Module logic flow
    • JSChart / Module logic flow
    • ConvertToDrilldownSearch / Module logic flow
    • ViewRedirector / Module logic flow
    • ViewRedirectorLink / Module logic flow
  • msiexec
    • Splunk binary, deploying / Deploying using msiexec
  • multiple indexes
    • creating / When to create more indexes
    • data, testing / Testing data
    • longevity, differing / Differing longevity
    • permissions, differing / Differing permissions
    • used, for performance improvement / Using more indexes to increase performance
    • bucket, life cycle / The life cycle of a bucket
    • managing, with volumes / Using volumes to manage multiple indexes
  • multiple search heads / Multiple search heads

N

  • natural language processing (NLP) / Natural language processing
  • navigation
    • editing / Editing navigation
    • object permissions, affecting on / How permissions affect navigation
  • navigation directory / Views and navigation
  • nested subsearches / Nested subsearches
  • Network File System (NFS) / Splunk indexer

O

  • object permissions
    • Private option / Object permissions
    • App option / Object permissions
    • Global option / Object permissions
    • affecting, on navigation / How permissions affect navigation
    • affecting, on other objects / How permissions affect other objects
    • problems, correcting / Correcting permission problems
  • objects, data model
    • event objects / Data model objects
    • transaction objects / Data model objects
    • search objects / Data model objects
    • root object / Data model objects
    • object tree / Data model objects
    • constraining / Object constraining
    • attributes / Attributes
  • operational intelligence / Operational intelligence
  • operators
    • using / Boolean and grouping operators
    • AND / Boolean and grouping operators
    • OR / Boolean and grouping operators
    • NOT / Boolean and grouping operators
    • quote marks ("") / Boolean and grouping operators
    • Parentheses ( ( ) ) / Boolean and grouping operators
    • equal sign (=) / Boolean and grouping operators
    • Brackets ( [ ] ) / Boolean and grouping operators
  • outputs.conf / outputs.conf

P

  • panel
    • custom drilldown, building / Building a drilldown to another panel
    • custom drilldown, building to multiple panels with HiddenPostProcess / Building a drilldown to multiple panels using HiddenPostProcess
  • Perl Compatible Regular Expressions (PCRE)
    • reference / A regular expression primer
  • picker widget, time / Date and time range
    • Presets / Presets
    • Relative / Relative
    • Real-time / Real-time
    • Date Range option / Date range
    • Advanced option / Advanced
  • pipe symbol / About the pipe symbol
  • pivot
    • about / What is a pivot?
    • creating / What is a pivot?
    • Pivot Editor / The Pivot Editor
    • filtering / Filtering pivots
    • row/column, splitting / Split (row or column)
    • configuration options / Split (row or column)
    • column values, adding / Column values
    • table, formatting / Pivot table formatting
    • building / A quick example
  • Pivot Editor
    • about / The Pivot Editor
    • event type / The Pivot Editor
    • transaction type / The Pivot Editor
    • search type / The Pivot Editor
    • pivot elements / Working with pivot elements
  • pivot elements
    • managing / Working with pivot elements
  • Pluggable Auditing System (PAS) / Splunk reference app – PAS
  • processing stages
    • input / Splunk instance types
    • parsing / Splunk instance types
    • indexing / Splunk instance types
    • searching / Splunk instance types
  • props.conf
    • about / props.conf
    • attributes / Common attributes
    • stanza types / Stanza types
    • stanza types, priorities / Priorities inside a type
    • attributes, with class / Attributes with class
  • props.conf, attributes
    • search-time attributes / Search-time attributes
    • index-time attributes / Index-time attributes
    • parse-time attributes / Parse-time attributes
    • input-time attributes / Input-time attributes

Q

  • query
    • reusing / Reusing a query

R

  • Real-time, picker widget
    • windowed real-time searches, versus all-time real-time searches / Windowed real-time versus all-time real-time searches
  • redundancy
    • planning / Planning redundancy
    • replication factor / The replication factor
    • indexers, load balancing / Indexer load balancing
    • typical outages / Understanding typical outages
  • refactored techniques / Acceleration in version 7.0
  • regular expression / A regular expression primer
  • replication factor
    • about / The replication factor
    • configuring / Configuring your replication factors
    • syntax / Syntax
  • report
    • dashboard panel, converting to / Converting the panel to a report
  • report, settings
    • Permissions / Save As Report
    • Schedule / Save As Report
    • Acceleration / Save As Report
    • Embed / Save As Report
  • REPORT, transforms.conf
    • using / Using REPORT
    • multivalue fields, creating / Creating multivalue fields
    • dynamic fields, creating / Creating dynamic fields
  • REST
    • Splunk, querying / Querying Splunk via REST
  • results
    • sharing / Sharing results with others
    • sharing, as URL / The URL
    • saving, as report / Save As Report
    • saving, as dashboard panel / Save As Dashboard Panel
    • saving, as alert / Save As Alert
    • saving, as event type / Save As Event Type
  • rex command
    • used, for creating fields / rex
    • grouping fields, defining / Using eval and rex to define grouping fields
  • running calculation
    • creating / Creating a running calculation for a day

S

  • savedsearches.conf / savedsearches.conf
  • scripted alert action
    • results, processing / Writing a scripted alert action to process results
  • scripted input
    • for gathering data / Writing a scripted input to gather data
    • script output, capturing without date / Capturing script output with no date
    • script output, capturing as single event / Capturing script output as a single event
    • long-running scripted input, creating / Making a long-running scripted input
  • scripted lookup
    • writing, for data enrichment / Writing a scripted lookup to enrich data
  • search
    • creating / Using search terms effectively
    • search terms, using effectively / Using search terms effectively
    • modifying, with clicks / Clicking to modify your search
    • fields, using / Using fields to search
    • time in-line, specifying / Specifying time in-line in your search
    • faster results, obtaining / Making searches faster
    • saving, for reuse / Saving searches for reuse
    • alerts, creating / Creating alerts from searches
  • search heads
    • multiple search heads / Multiple search heads
    • configuring / Multiple search heads
    • reference / Multiple search heads
  • search job
    • settings / Searching job settings
  • self-service app management / Self-service app management
  • Settings section
    • about / The settings section
    • KNOWLEDGE option / The settings section
    • System option / The settings section
    • Data option / The settings section
    • Distributed environment option / The settings section
    • Users and authentication option / The settings section
  • Sideview Utils
    • about / Sideview Utils
    • URL / Sideview Utils
    • search module / The Sideview search module
    • views, linking / Linking views with Sideview
    • URLLoader module / Sideview URLLoader
    • forms / Sideview forms
  • Sideview Utils (LGPL) / Reasons for not working with advanced XML
  • Sideview Utils, modules
    • SideviewUtils / Sideview URLLoader
    • URLLoader / Sideview URLLoader
    • HTML / Sideview URLLoader
    • Search / Sideview URLLoader
    • Redirector / Sideview URLLoader
  • SimpleXML / Chart enhancements in version 7.0
  • single sign-on (SSO)
    • using / Using single sign-on
  • sistats
    • using / Using sistats, sitop, and sitimechart
  • site_replication_factor
    • URL / Syntax
  • sitimechart
    • using / Using sistats, sitop, and sitimechart
  • sitop
    • using / Using sistats, sitop, and sitimechart
  • sparklines
    • about / Sparklines
    • adding / Sparklines
  • Splunk
    • logging in / Logging in to Splunk
    • URL, for documentation / Packaging your app, Querying Splunk via REST
    • load balancers / Load balancers and Splunk
    • using, from command line / Using Splunk from the command line
    • querying, via REST / Querying Splunk via REST
    • used, for building ML model / Using Splunk
  • Splunk.conf files
    • overview / An overview of Splunk.conf files
    • props.conf / props.conf
    • inputs.conf / inputs.conf
    • transforms.conf / transforms.conf
    • fields.conf / fields.conf
    • outputs.conf / outputs.conf
    • indexes.conf / indexes.conf
    • authorize.conf / authorize.conf
    • savedsearches.conf / savedsearches.conf
    • times.conf / times.conf
    • commands.conf / commands.conf
    • web.conf / web.conf
  • Splunk APIs
    • URL / Reasons for not working with advanced XML
  • Splunk Apps Marketplace
    • URL / The home app
  • Splunkbase
    • URL / The home app, Installing apps from a file, Adding your app to Splunkbase
    • apps, installing / Installing apps from Splunkbase
    • custom app, adding / Adding your app to Splunkbase
    • about / Obtaining the Kit
  • Splunk binary
    • deploying / Deploying the Splunk binary
    • deploying, from tar file / Deploying from a tar file
    • deploying, with msiexec / Deploying using msiexec
    • base configuration, adding / Adding a base configuration
    • configuring, to launch at boot / Configuring Splunk to launch at boot
  • Splunk Cloud
    • about / Splunk Cloud
    • URL / Splunk Cloud, Next steps
    • implications / Splunk Cloud
    • test drive / Try before you buy
    • accessing / A quick cloud tour
    • top bar / The top bar in Splunk Cloud
    • signing up / Next steps
  • Splunk DB Connect 3.0
    • URL / Consuming logs from a database
  • Splunk deployment server
    • using / Using the Splunk deployment server
    • advantages / Using the Splunk deployment server
    • disadvantages / Using the Splunk deployment server
    • execution, deciding / Step 1 – deciding where your deployment server will run
    • deploymentclient.conf configuration, defining / Step 2 - defining your deploymentclient.conf configuration
    • machine types, defining / Step 3 - defining our machine types and locations
    • location, defining / Step 3 - defining our machine types and locations
    • configurations, normalizing into apps / Step 4 - normalizing our configurations into apps appropriately
    • apps, mapping to deployment clients in serverclass.conf / Step 5 - mapping these apps to deployment clients in serverclass.conf
    • restarting / Step 6 - restarting the deployment server
    • deploymentclient.conf, installing / Step 7 - installing deploymentclient.conf
  • Splunk Docs
    • about / The home app
    • reference / The home app
  • Splunk forwarders / Splunk forwarders
  • Splunk forwarders, configurations
    • inputs.conf / Splunk forwarders
    • outputs.conf / Splunk forwarders
    • props.conf / Splunk forwarders
    • default-mode.conf / Splunk forwarders
    • limits.conf / Splunk forwarders
  • Splunk indexer
    • about / Splunk indexer
    • configurations / Splunk indexer
  • Splunk Machine Learning Toolkit (MLT)
    • about / Time well spent, Launching the toolkit
    • advantages / Time well spent
    • obtaining / Obtaining the Kit
    • URL / Obtaining the Kit
    • prerequisites / Prerequisites and requirements
    • installation / Installation
    • Showcase page / The toolkit workbench
    • title bar / The toolkit workbench
    • menu bar / The toolkit workbench
    • assistants / Assistants
    • extended SPL (search processing language) / Extended SPL (search processing language)
  • Splunk metric
    • defining / Definition of a Splunk metric
    • timestamp / Definition of a Splunk metric
    • name / Definition of a Splunk metric
    • value / Definition of a Splunk metric
    • dimensions / Definition of a Splunk metric
    • using / Using Splunk metrics
    • UDP data input, creating / Creating a UDP or TCP data input
    • TCP data input, creating / Creating a UDP or TCP data input
  • Splunk Packaging Toolkit / Self-service app management
  • Splunk Pivot Editor
    • using / What is a data model?
  • Splunk replication factor / The replication factor
  • Splunk search / Splunk search
  • Splunk Search Processing Language (SPL) / Hunk
  • Splunk universal forwarder / Splunk forwarders
  • Splunk version 6.2
    • features / Features replaced
  • Splunk Web Framework / Included apps
  • stanza / The structure of a Splunk configuration file
  • stats
    • used, for aggregating values / Using stats to aggregate values
  • StatsD
    • about / Using Splunk metrics
    • reference link / Using Splunk metrics
  • stringreplace / stringreplace
  • subsearches
    • used, for finding related events / Using subsearches to find loosely related events
    • about / Subsearch
    • caveats / Subsearch caveats
    • nested subsearches / Nested subsearches
  • summary data
    • backfill option / How and when to backfill summary data
    • fill_summary_index.py, used for backfill / Using fill_summary_index.py to backfill
    • custom summary indexes, producing with collect / Using collect to produce custom summary indexes
  • summary index
    • about / Understanding summary indexes
    • creating / Creating a summary index
    • using / When to use a summary index
    • avoiding / When to not use a summary index
    • populating, with saved searches / Populating summary indexes with saved searches
    • events, using in query / Using summary index events in a query
    • size, reducing / Reducing summary index size
    • grouping fields, defining with eval / Using eval and rex to define grouping fields
    • grouping fields, defining with rex / Using eval and rex to define grouping fields
    • event types, used for grouping results / Using event types to group results
    • top contributors, calculating for large time frame / Calculating top for a large time frame
    • reports, searching / Summary index searches
  • supplementary parallelization / Acceleration in version 7.0
  • syslog events
    • receiving / Receiving syslog events
    • receiving, on Splunk indexer / Receiving events directly on the Splunk indexer
    • native syslog receiver, using / Using a native syslog receiver
    • receiving, with Splunk forwarder / Receiving syslog with a Splunk forwarder

T

  • tags
    • used, to simplify search / Using tags to simplify search
  • tar file
    • Splunk binary, deploying / Deploying from a tar file
  • temporal lookup / Using time in lookups
  • third-party add-ons
    • about / Third-party add-ons
    • Google Maps / Google Maps
    • Sideview Utils / Sideview Utils
  • time
    • about / All about time
    • parsing / How Splunk parses time
    • storing / How Splunk stores time
    • displaying / How Splunk displays time
    • time zone, determining / How time zones are determined and why it matters
    • searching against / Different ways to search against time
    • picker widget / Different ways to search against time
  • timechart
    • used, for displaying values over time / Using timechart to show values over time
    • options / The timechart options
    • using / Using timechart
  • time in-line
    • specifying, in search / Specifying time in-line in your search
    • _indextime, versus _time / _indextime versus _time
  • time picker
    • using / Using the time picker
  • times.conf / times.conf
  • toolkit
    • defining / Defining the toolkit
    • Splunk Machine Learning Toolkit (MLT) / Time well spent
  • top bar / The top bar
  • top command
    • used, for displaying common field values / Using top to show common field values
    • output, controlling / Controlling the output of top
    • reference / Controlling the output of top
    • rebuilding / Rebuilding top
  • training the routines / What is machine learning?
  • transaction
    • using / Using transaction
    • used, to determine session length / Using transaction to determine session length
    • subsearches, combining / Combining subsearches with transaction
  • transaction statistics
    • aggregate, calculating / Calculating the aggregate of transaction statistics
  • transforms.conf
    • about / transforms.conf
    • indexed fields, creating / Creating indexed fields
    • metadata fields, modifying / Modifying metadata fields
    • lookups, defining / Lookup definitions
    • REPORT, using / Using REPORT
    • transforms, chaining / Chaining transforms
    • events, dropping / Dropping events
  • transient data
    • storing, with CSV files / Using CSV files to store transient data

U

  • UI examples app
    • installing / UI examples app
  • universal forwarder / Universal forwarder
  • Unix app
    • URL / Using scripts to gather data
  • user interface resources
    • about / User interface resources
    • views directory / Views and navigation
    • navigation directory / Views and navigation
    • appserver resources / Appserver resources
    • metadata / Metadata

V

  • validation
    • about / Validation
    • deployment / Deployment
    • report, saving / Saving a report
    • data, exporting / Exporting data
  • values
    • extracting, from XML / Extracting values from XML
  • version 7.0 advancements
    • in metrics / Version 7.0 advancements in metrics
  • views directory / Views and navigation
  • volumes
    • used, for managing multiple indexes / Using volumes to manage multiple indexes

W

  • web.conf / web.conf
  • wildcards
    • using, efficiently / Using wildcards efficiently
    • supplementing, in fields / Supplementing wildcards in fields
    • lookups, using / Using a lookup with wildcards
  • windowed real-time searches
    • versus all-time real-time searches / Windowed real-time versus all-time real-time searches
  • Windows Management Instrumentation (WMI) / Native Windows inputs
  • wizards
    • used, for building dashboards / Using wizards to build dashboards
  • workflow actions
    • creating / Creating workflow actions
    • search executing, values used from an event / Running a new search using values from an event
    • external site, linking / Linking to an external site
    • building, to show field context / Building a workflow action to show field context

X

  • XML
    • editing, directly / Editing XML directly
  • xmlkv / xmlkv
  • XPath / XPath