Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Splunk 7.x Quick Start Guide Gain business data insights from operational intelligence

Product type Paperback

Published in Nov 2018

Publisher Packt

ISBN-13 9781789531091

Length 298 pages

Edition 1st Edition

Tools

Splunk

Concepts

Operational Intelligence

Author (1):

James H. Baxter

View More author details

Table of Contents (12) Chapters

Preface

1. Introduction to Splunk FREE CHAPTER

2. Architecting Splunk

3. Installing and Configuring Splunk

4. Getting Data into Splunk

5. Administering Splunk Apps and Users

6. Searching with Splunk

7. Splunk Knowledge Objects

8. Splunk Reports, Dashboards, and Alerts

9. Splunk Applications

10. Advanced Splunk

11. Other Books You May Enjoy

Leave a review - let other readers know what you think

Advanced search commands

In some situations, you may need to utilize one of the more complex commands, such as sub-searches, join, or transaction. These commands allow you to handle dynamic events and values that would otherwise be difficult or impossible to do within a single search.

Subsearches

A subsearch is a search that runs within a primary, or outer, search, and is intended to return results to the primary/outer search to provide data that the primary search needs.

When a search contains a subsearch, the subsearch is run first. Subsearches must be enclosed in square brackets in the primary search, and the first term must be an event-generating command such as search, eventcount, or tstats (usually, you'll use search...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (1)

James H. Baxter

James H Baxter is the owner/CEO of Machine Data Insights, Inc., a certified Splunk architect, and a developer and machine learning practitioner with over 35 years of experience in various engineering and analysis disciplines, including radio/satellite; networks; capacity and performance modelling; speech technology; packet-level analysis; programming; and Splunk architecture, administration, and machine learning solutions for companies including MCI, IBM, BP, Disney, and AMEX. James is also a private pilot and holds an Extra class amateur radio and FCC Radiotelephone license. You can reach him at LinkedIn at James H. Baxter.

See other products by James H. Baxter