You're reading from Splunk 7 Essentials, Third Edition Demystify machine data by leveraging datasets, building reports, and sharing powerful insights

Product type Paperback

Published in Mar 2018

Publisher Packt

ISBN-13 9781788839112

Length 220 pages

Edition 3rd Edition

Languages

C++

Tools

Splunk

Concepts

Operational Intelligence

Authors (4):

Erickson Delgado

Steven Koelpin

J-P Contreras

Betsy Page Sigman

View More author details

To get the most out of this book

To start with the book, you will first need to download Splunk from https://www.splunk.com/en_us/download.html.

You can find the official installation manual at http://docs.splunk.com/Documentation/Splunk/latest/Installation/Systemrequirements.

Download the example code files

You can download the example code files for this book from your account at www.packtpub.com. If you purchased this book elsewhere, you can visit www.packtpub.com/support and register to have the files emailed directly to you.

You can download the code files by following these steps:

Log in or register at www.packtpub.com.
Select the SUPPORT tab.
Click on Code Downloads & Errata.
Enter the name of the book in the Search box and follow the onscreen instructions.

Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

WinRAR/7-Zip for Windows
Zipeg/iZip/UnRarX for Mac
7-Zip/PeaZip for Linux

The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Splunk-7-Essentials-Third-Edition. We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Download the color images

We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: http://www.packtpub.com/sites/default/files/downloads/Splunk7EssentialsThirdEdition_ColorImages.pdf.

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "You can either do it using the following icacls command or change it using the Windows GUI"

A block of code is set as follows:

SPL> index=main earliest=-1h latest=now | stats count(eval(if(http_status_code < "400", 1, NULL))) AS successful_requests count(eval(if(http_status_code >= "400", 1, NULL))) AS unsuccessful_requests by http_status_code

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

016-07-21 23:58:50:227303,96.32.0.0,GET,/destination/LAX/details,-,80, 
-,10.2.1.33,Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) 
AppleWebKit/537.36 (KHTML; like Gecko) Chrome/29.0.1547.76 
Safari/537.36,500,0,0,823,3053

Any command-line input or output is written as follows:

Windows: C:> dir C:\Splunk\etc\apps\SA-Eventgen
Linux: ls -l /$SPLUNK_HOME/etc/apps/

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "On the Server controls page, click on the Restart Splunk button. Click on OK when asked to confirm the restart."

Warnings or important notes appear like this.

Tips and tricks appear like this.