Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Improving Your Splunk Skills Leverage the operational intelligence capabilities of Splunk to unlock new hidden business insights

Product type Course

Published in Aug 2019

Publisher Packt

ISBN-13 9781838981747

Length 680 pages

Edition 1st Edition

Languages

JavaScript

Tools

Splunk

Concepts

Business Intelligence

Authors (4):

James D. Miller

Josh Diakun

Paul R. Johnson

Derek Mock

View More author details

Table of Contents (21) Chapters

Title Page

Improving Your Splunk Skills

About Packt

Contributors

Preface

1. The Splunk Interface FREE CHAPTER

2. Understanding Search

3. Tables, Charts, and Fields

4. Data Models and Pivots

5. Simple XML Dashboards

6. Extending Search

7. Working with Apps

8. Building Advanced Dashboards

9. Summary Indexes and CSV Files

10. Configuring Splunk

11. Play Time – Getting Data In

12. Building an Operational Intelligence Application

13. Diving Deeper – Advanced Searching, Machine Learning and Predictive Analytics

14. Speeding Up Intelligence – Data Summarization

15. Above and Beyond – Customization, Web Framework, HTTP Event Collector, REST API, and SDKs

1. Other Books You May Enjoy

Leave a review - let other readers know what you think

Using lookups to enrich data

Sometimes, information that would be useful for reporting and searching is not located in the logs themselves, but is available elsewhere. Lookups allow us to enrich data, and even search against the fields in the lookup as if they were part of the original events.

The source of data for a lookup can be either a comma-separated values (CSV) file or a script. We will cover the most common use of a CSV lookup in the next section.

There are three steps for fully defining a lookup: creating the file; defining the lookup definition; and, optionally, wiring the lookup to run automatically.

Defining a lookup table file

A lookup table file is simply a CSV file. The first line is treated as a list of field...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (4)

James D. Miller

James D. Miller is an IBM certified expert, Master Consultant, Application/System Architect with +35 years of applications & system design/development experience across multiple platforms, technologies and data formats, including Big Data. His experience includes IBM Planning Analytics, BI, Web architecture & design, systems analysis, GUI design & testing, Data modeling, design, and development of OLAP, Client/Server, Web & Mainframe applications and systems utilizing: Planning Analytics Workspace (PAW), IBM Watson Analytics, Cognos BI & TM1, Framework Manager, dynaSight/ArcPlan, ASP, DHTML, XML, MS Visual Basic, VBA, PERL, R, SPLUNK, MS SQL Server, ORACLE, etc. He has authored numerous books, including Implementing Splunk - Second Edition; Mastering Splunk; Hands-On Machine Learning with IBM Watson; IBM Watson Projects; Statistics for Data Science; Mastering Predictive Analytics with R - Second Edition and others. Project areas include those with Data Analytics, Planning Analytics, and FOPM projects, holding various roles from architect, developer, technical and project leader.

See other products by James D. Miller

Derek Mock

Derek Mock is a software developer and big data architect who specializes in IT operations, information security, and cloud technologies. He has 15 years' experience developing and operating large enterprise-grade deployments and SaaS applications. He is a founding partner at Discovered Intelligence, a company specializing in data intelligence services and solutions. For the past 6 years, he has been leveraging Splunk as the core tool to deliver key operational intelligence. Derek is based in Toronto, Canada, and is a co-founder of the Splunk Toronto User Group.

See other products by Derek Mock

Josh Diakun

Josh Diakun is an IT operations and security specialist with a focus on creating data-driven operational processes. He has over 10 years of experience managing and architecting enterprise-grade IT environments. For the past 7 years, he has been architecting, deploying and developing on Splunk as the core platform for organizations to gain security and operational intelligence. Josh is a founding partner at Discovered Intelligence, a company specializing in data intelligence services and solutions. He is also a co-founder of the Splunk Toronto User Group.

See other products by Josh Diakun

Paul R. Johnson

Paul R Johnson has over 10 years of data intelligence experience in the areas of information security, operations, and compliance. He is a partner at Discovered Intelligence, a company specializing in data intelligence services and solutions. Paul previously worked for a Fortune 10 company, leading IT risk intelligence initiatives and managing a global Splunk deployment. Paul co-founded the Splunk Toronto User Group and lives and works in Toronto, Canada.

See other products by Paul R. Johnson