Fields are searchable key/value pairs in your event data Fields can be searched by their name, for example: area_code=404 action=purchase status=200 When you look for multiple items in the editor an implied AND will be[…]

Every search is also a job, which can be paused, stopped, saved and exported. Here are some interesting things you need to know about Search jobs: Jobs are available for 10 Minutes (By Default) Jobs[…]

Basic search The search assistant provides a nice way to begin looking up for something in particular. At this stage, you can determine a few different search criteria, such as a term in particular or[…]

Splunk Index Time Process Data ingestion for Splunk is broken down into 3 different phases Input Phase – Data is handled at the source and is usually done by a forwarder Parsing Phase – Handled[…]

Addition Splunk Components There are additional components for a Splunk deployment, here is a list Deployment Server Cluster Master License Master Standalone Deployment This deployment is only in 1 server, and all functions needed for[…]

Splunk – Indexer This is the engine that is in charge of processing machine data, stores the results in indexes as events. This is what allows enabling fast searches and analysis As data is indexed,[…]

What is Splunk Splunk is many things to different groups in an organization, but mostly is an engine that looks you to visualize data in a way that could be understood by the business, what[…]