Clicking on Formatting options above the graph gives us quite a few options to work with.
This graph shows one of my personal favorite chart styles, the stacked column. This graph is useful for showing how many events of a certain kind occurred, but with colors to give us an idea of distribution. splunk.com has great examples of all of the available chart styles, and we will touch upon more styles in future chapters.
Working with fields
All of the fields we have used so far were either indexed fields (such as host, sourcetype, and _time) or fields that were automatically extracted from key=value pairs. Unfortunately, most logs don't follow this format, especially for the first few values in each event. New fields can be created either inline, by using commands, or through configuration.
A regular expression primer
Most of the ways to create new fields in Splunk involve regular expressions.
There are many topics and sites dedicated to regular expressions, so we will
only touch upon the subject here.
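The following added example (not code from the book or from Splunk) shows why regular expressions are needed for the leading values of an event: a simplified approximation of key=value extraction finds only the pairs, while a regular expression with named groups recovers the positional values in front of them. The sample event, the field names timestamp, loglevel and component, and both patterns are constructed for illustration.

```python
import re

# Constructed sample event: the first three values are positional,
# the remainder follows the key=value format.
EVENT = '2012-01-05T10:21:03 ERROR AuthService user=mary ip=10.1.2.3 msg="login failed"'

# Simplified approximation of automatic key=value extraction
# (an assumption for illustration, not Splunk's implementation).
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Hypothetical pattern for the leading positional values; each named
# group becomes a field name.
HEAD_RE = re.compile(
    r'^(?P<timestamp>\S+)\s+(?P<loglevel>[A-Z]+)\s+(?P<component>\w+)'
)


def extract_kv(event):
    """Return fields found as key=value or key="quoted value" pairs."""
    fields = {}
    for key, quoted, bare in KV_RE.findall(event):
        fields[key] = quoted if quoted else bare
    return fields


def extract_leading(event):
    """Return the positional fields at the start of the event, if present."""
    match = HEAD_RE.match(event)
    return match.groupdict() if match else {}


def extract_all(event):
    """Combine regex-defined leading fields with the key=value fields."""
    fields = extract_leading(event)
    fields.update(extract_kv(event))
    return fields


if __name__ == "__main__":
    print("key=value only:", extract_kv(EVENT))
    print("with regex    :", extract_all(EVENT))
```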