<p>Splunk is a tool for storing and analyzing machine data, whatever its source. It reads and parses real-time event data from network devices, web servers, application servers, databases, messaging queues and many other sources, and it can also capture data from Docker containers, Kubernetes clusters and cloud providers such as AWS CloudWatch and GCE. It turns raw event data into operational and business insights that help improve efficiency across an organization and the return on its investments. Splunk's Search Processing Language (SPL) lets you search and investigate event data and enrich, process, modify, filter or delete it for a range of use cases. It also offers advanced capabilities such as anomaly and outlier detection and machine learning. Users can run statistical analyses over a dataset and produce tables, charts, histograms, line charts, summary reports and quantiles, as well as real-time dashboards for predictive analysis and reporting. For every event data source, Splunk records a set of default fields alongside the event.</p>
Some of the common SPL commands are summarized below:

Category | Description | Commands |
---|---|---|
Sorting results | Ordering results and (optionally) limiting the number of results. | `sort` |
Filtering results | Taking a set of events or results and filtering them into a smaller set of results. | `search`, `where`, `dedup`, `head`, `tail` |
Grouping results | Grouping events so you can see patterns. | `transaction` |
Reporting results | Taking search results and generating a summary for reporting. | `top`/`rare`, `stats`, `chart`, `timechart` |
Filtering, modifying, and adding fields | Filtering out (removing) some fields to focus on the ones you need, or modifying or adding fields to enrich your results or events. | `fields`, `replace`, `eval`, `rex`, `lookup` |
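As an added worked example (not taken from the page or from Splunk's own documentation), the search below chains commands from most of the categories in the table into one defensive use case: summarizing repeated SSH authentication failures per source address from Linux `secure` logs. It assumes an index named `auth` and the `linux_secure` sourcetype, and that the events carry the standard `Failed password for <user> from <ip>` message text; the threshold of 20 failures and the field names `user`, `src_ip`, `failures`, `distinct_users`, `first_seen` and `last_seen` are choices made for this example.

```spl
index=auth sourcetype=linux_secure "Failed password"
| rex "Failed password for (invalid user )?(?<user>\S+) from (?<src_ip>\d+\.\d+\.\d+\.\d+)"
| eval user=lower(user)
| stats count AS failures, dc(user) AS distinct_users, min(_time) AS first_seen, max(_time) AS last_seen BY src_ip
| where failures >= 20
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S"), last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| sort -failures
| head 10
| fields src_ip, failures, distinct_users, first_seen, last_seen
```

Reading the pipeline against the table: the first line is the filtering `search` over the index, `rex` adds the `user` and `src_ip` fields, `eval` normalizes and later reformats values, `stats` does the reporting by grouping per source address, `where` filters the aggregated rows rather than raw events, `sort` and `head` keep the ten busiest sources, and `fields` trims the result to the columns a reviewer needs. Swapping the `stats ... BY src_ip` line for `timechart span=5m count BY src_ip` turns the same search into a time-series view suitable for a dashboard panel.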