Implementing Splunk: Big Data Reporting and Development for Operational Intelligence
Using search terms effectively
Boolean and grouping operators
Clicking to modify your search
Using top to show common field values
Using stats to aggregate values
Using timechart to show values over time
Using wizards to build dashboards
Scheduling the generation of dashboards
Using subsearches to find loosely related events
Calculating events per slice of time
Using event types to categorize results
Customizing the appearance of your app
Reasons for working with advanced XML
Reasons for not working with advanced XML
Converting simple XML to advanced XML
When to not use a summary index
Populating summary indexes with saved searches
Using summary index events in a query
Using sistats, sitop, and sitimechart
How latency affects summary queries
How and when to backfill summary data
Calculating top for a large time frame
Storing raw events in a summary index
Using CSV files to store transient data
Locating Splunk configuration files
The structure of a Splunk configuration file
An overview of Splunk .conf files
Using apps to organize configuration
Writing a scripted input to gather data
Using Splunk from the command line
Writing a scripted lookup to enrich data