Databases Reference
In-Depth Information
group="Chapter 8 - Sideview Three"
name="Search">
<param name="search">
source="impl_splunk_gen" user="$user$"
logger="$logger$"
| fillnull value="unknown" network
| top network
</param>
<!-- table -->
<module name="SimpleResultsTable">
<param name="drilldown">row</param>
</module>
...
For greater efficiency, these two searches could be combined into one query and
the PostProcess module used.
Summary
We have covered an enormous amount of ground in this chapter. The toughest
concepts we touched on were module nesting, the meaning of layoutPanel ,
intentions, and an alternative to intentions with SideView Utils . As with many
skills, the best way to become proficient is to dig in, and hopefully have some
fun along the way! The examples in this chapter should give you a head start.
In the next chapter, we will cover summary indexing, a powerful part of Splunk
that can improve the efficiency of your queries greatly.
 
Previous Page
Next Page
Implementing Splunk: Big Data Reporting and Development for Operational Intelligence
Search WWH ::




Custom Search
Home