Splunk 7 Essentials, Third Edition
Demystify machine data by leveraging datasets, building reports, and sharing powerful insights

Product type: Paperback
Published in: Mar 2018
Publisher: Packt
ISBN-13: 9781788839112
Length: 220 pages
Edition: 3rd Edition
Authors (4): J-P Contreras, Steven Koelpin, Erickson Delgado, Betsy Page Sigman
Table of Contents

Title Page
Copyright and Credits
Packt Upsell
Contributors
Preface
1. Splunk – Getting Started
2. Bringing in Data
3. Search Processing Language
4. Reporting, Alerts, and Search Optimization
5. Dynamic Dashboarding
6. Data Models and Pivot
7. HTTP Event Collector
8. Best Practices and Advanced Queries
9. Taking Splunk to the Organization
Index

Index

A

  • advanced searches
    • about / Advanced searches
    • subsearch / Subsearch
    • append, using / Using append
    • join, using / Using join
    • if, using / Using eval and if
    • eval command, using / Using eval and if
    • eval command, using with case function / Using eval and match with a case function
    • match, using with case function / Using eval and match with a case function
  • alerts
    • creating / Creating alerts
  • append
    • used, for advanced searches / Using append
  • application programming interfaces (APIs) / Internet of Things
  • area chart
    • creating / Creating an area chart

B

  • big data
    • about / Splunk and big data
    • streaming / Streaming data
    • analytical data latency / Analytical data latency
    • sparseness / Sparseness of data
  • boot start / Installing Splunk on Linux
  • buckets
    • hot / Buckets
    • warm / Buckets
    • cold / Buckets
    • frozen / Buckets
    • thawed / Buckets

C

  • chart
    • creating / Creating a Pivot and a chart
  • chart command / Search commands – chart and timechart
  • choropleth map
    • creating / Creating a choropleth map
  • command line URL method (cURL) / Seeing the HEC in action with cURL
  • CSV (comma-separated value) / Extracting new fields
  • cybersecurity / Cybersecurity

D

  • dashboard
    • creating / Creating your first dashboard
    • effective dashboards, creating / Creating effective dashboards
    • conditions / Creating effective dashboards
    • types / Types of dashboards
    • dynamic form-based dashboards / Types of dashboards
    • real-time dashboards / Types of dashboards
    • dashboards as scheduled reports / Types of dashboards
    • business requirements, gathering / Gathering business requirements
    • dynamic form-based dashboard, creating / Dynamic form-based dashboard
    • panel options / Panel options
    • column with overlay combination chart, using / Column with overlay combination chart – Hits vs Response Time
    • rearranging / Rearranging your dashboard
  • data
    • classification, with Event Types / Data classification with Event Types
    • normalization, with Tags / Data normalization with Tags
    • enriching, with Lookups / Data enrichment with Lookups
  • data flow, HEC
    • about / How data flows to the HEC
    • data, logging / Logging data
    • token, using with data / Using a token with data
    • data request, sending out / Sending out the data request
    • token, verifying / Verifying the token
    • data, indexing / Indexing the data
  • data indexing
    • HEC, enabling / Enabling the HEC
    • HEC authentication token, generating / Generating an HEC authentication token
    • HEC, using with cURL / Seeing the HEC in action with cURL
    • acknowledgement / Indexer acknowledgement
  • data model
    • creating / Creating a data model
    • attributes, adding to objects / Adding attributes to objects
    • child objects, creating / Creating child objects
    • attribute based on regular expression, creating / Creating an attribute based on a regular expression
    • acceleration / Data model acceleration
  • data model acceleration
    • about / Data model acceleration
    • Pivot editor / The Pivot editor
    • Pivot, creating / Creating a Pivot and a chart
    • chart, creating / Creating a Pivot and a chart
    • area chart, creating / Creating an area chart
    • pie chart, creating / Creating a pie chart
    • sparkline, adding / Single value with trending sparkline
  • data sources
    • machine data / Machine data
    • web logs / Web logs
    • data files / Data files
    • social media data / Social media data
    • relational database data / Relational database data
    • other data types / Other data types
  • DB Connect / Relational database data
  • Destinations app
    • viewing / Viewing the Destinations app
  • Document Object Model (DOM) / How does the HEC work?
  • drop-down input
    • creating / Creating a drop-down input
  • dynamic form-based dashboard
    • creating / Dynamic form-based dashboard
    • Status Distribution panel, creating / Creating a Status Distribution panel
    • Status Types Over Time panel, creating / Creating the Status Types Over Time panel
    • Hits vs Response Time panel, creating / Creating the Hits vs Response Time panel
    • arranging / Arrange the dashboard

E

  • eval command / Search command – eval
    • and if, used for advanced searches / Using eval and if
    • and match, used for advanced searches / Using eval and match with a case function
  • Eventgen
    • used, for populating data / Populating data with Eventgen
    • reference / Populating data with Eventgen
    • configuring, CLI used / Using the CLI to configure Eventgen
    • configuring / Configuring Eventgen
  • Eventgen add-on (Windows and Linux)
    • installing / Conventions used, Installing the Eventgen add-on (Windows and Linux)
  • events / Splunk events and fields
  • event sampling
    • using / Using event sampling
  • Event Types
    • used, for data classification / Data classification with Event Types

F

  • fields
    • about / Splunk events and fields
    • extracting / Extracting new fields
  • fields command
    • using, with search / Use the fields command to improve search performance
  • form inputs / Form inputs
  • forwarders
    • about / Forwarders
    • universal forwarder / Universal forwarder
    • heavy forwarder / Heavy forwarder

G

  • General Data Protection Regulation (GDPR) / Cybersecurity

H

  • Health Insurance Portability and Accountability Act (HIPAA) / Cybersecurity
  • HTTP event collector (HEC)
    • about / What is the HEC?
    • working / How does the HEC work?
    • data flow / How data flows to the HEC
    • enabling / Enabling the HEC

I

  • if
    • and eval command, used for advanced searches / Using eval and if
  • index
    • creating / Creating indexes
    • testing / Indexes for testing
    • searching / Searching within an index
  • indexes.conf
    • reference / Creating indexes
  • inputs.conf file
    • reference / Log files as data input
  • Internet of Things (IoT) / How does the HEC work?
  • IT operations / IT operations
  • IT Server Intelligence (ITSI) / IT operations

J

  • JavaScript Object Notation (JSON) / Internet of Things
  • join
    • used, for advanced searches / Using join

L

  • limited time frame
    • searching / Search within a limited time frame
  • Linux
    • Splunk, installing / Installing Splunk on Linux
  • log files
    • using, as data input / Log files as data input
  • Lookups
    • used, for data enrichment / Data enrichment with Lookups

M

  • machine data / Machine data
  • match
    • and eval command, used for advanced searches / Using eval and match with a case function
  • Monitoring Console
    • reference link / Monitoring Console

N

  • National Institute of Standards and Technologies (NIST) / Cybersecurity
  • network operations centers (NOCs) / Types of dashboards

O

  • organizational use cases
    • about / Common organizational use cases
    • IT operations / IT operations
    • cybersecurity / Cybersecurity
    • software development / Software development and support operations
    • support operations / Software development and support operations
    • Internet of Things / Internet of Things

P

  • panel options
    • about / Panel options
    • pie chart / Pie chart – Status Distribution
    • stacked area chart / Stacked area chart – Status Types Over Time
  • perpetual / Splunk pricing model
  • pie chart
    • creating / Creating a pie chart
  • props.conf file
    • reference / Extracting new fields

Q

  • quick searches
    • via fast mode / Quick searches via fast mode

R

  • radio input
    • creating / Creating a radio input
  • rare command / Search command – top/rare
  • reports
    • creating / Creating and scheduling reports
    • scheduling / Creating and scheduling reports
    • acceleration / Search and Report acceleration
  • rex command / Search command – rex

S

  • scheduling options / Scheduling options
  • search
    • anatomy / Anatomy of a search
    • pipeline / Search pipeline
    • results, filtering / Filtering search results
    • acceleration / Search and Report acceleration
    • fields command, using / Use the fields command to improve search performance
  • search command
    • stats / Search command – stats
    • top command / Search command – top/rare
    • rare command / Search command – top/rare
    • chart / Search commands – chart and timechart
    • timechart / Search commands – chart and timechart
    • eval / Search command – eval
    • rex / Search command – rex
  • search head / Search capacity
  • search processing language (SPL) / Anatomy of a search
  • security operations centers (SOCs) / Types of dashboards
  • Single-Page Application (SPA) / How does the HEC work?
  • Software-as-a-Service (SaaS) / Splunk Cloud
  • Splunk
    • reference / Your Splunk account
    • installing, on Windows / Installing Splunk on Windows
    • installing, on Linux / Installing Splunk on Linux
    • first time login / Logging in for the first time
    • search, running / Running a simple search
    • controlling / Controlling Splunk
    • and big data / Splunk and big data
    • data sources / Splunk data sources
    • pricing model / Splunk pricing model
    • online resources / The Splunk community and online resources
  • Splunk account
    • about / Your Splunk account
    • obtaining / Obtaining a Splunk account
  • Splunk Answers
    • about / The Splunk community and online resources
    • URL / The Splunk community and online resources
  • Splunk app
    • creating / Creating a Splunk app
  • Splunk architecture
    • considerations / Splunk architecture considerations
    • for organization / Splunk architecture for an organization
    • search capacity / Search capacity
    • indexing capacity / Indexing capacity and data replication
    • data replication / Indexing capacity and data replication
    • high availability, for critical environments / High availability for critical environments
    • Monitoring Console / Monitoring Console
  • SplunkBase
    • about / The Splunk community and online resources
    • URL / The Splunk community and online resources
  • Splunk Cloud / Splunk Cloud
  • Splunk community
    • about / The Splunk community and online resources
    • reference link / The Splunk community and online resources
  • Splunk Docs
    • URL / The Splunk community and online resources
    • about / The Splunk community and online resources
  • static real-time dashboard
    • about / Static real-time dashboard
    • single-value panels, creating with color ranges / Single-value panels with color ranges
    • panels, creating by cloning / Creating panels by cloning
    • single-value panels, creating with trends / Single-value panels with trends
    • real-time column charts, creating with line overlays / Real-time column charts with line overlays
  • stats command / Search command – stats
  • stats function
    • reference / Search command – stats
  • Structured Query Language (SQL) / Anatomy of a search, Using join
  • summary
    • indexing / Summary indexing
    • about / Summary indexing
  • support / Splunk pricing model

T

  • Tags
    • used, for data normalization / Data normalization with Tags
  • Term / Splunk pricing model
  • timechart command / Search commands – chart and timechart
  • time modifiers
    • about / Time modifiers
    • time units / Time modifiers
  • time range input
    • creating / Creating a time range input
  • time range picker
    • reference / Time modifiers
  • top command / Search command – top/rare
  • Twilio SMS Alerting
    • reference / Creating alerts

U

  • User behavior analytics (UBA) / Cybersecurity

W

  • Windows
    • Splunk, installing / Installing Splunk on Windows