.conf2014 Highlight Series: Lesser Known Commands in Splunk Search Processing Language (SPL)


.conf2015 registration is open!

As we get closer to .conf2015: The 6th Annual Splunk Worldwide Users’ Conference in Las Vegas this September, we’re excited to continue our series of .conf2014 retrospectives. This week we revisit Kyle Smith’s presentation covering less popular but powerful commands in Splunk Search Processing Language (SPL).

Skill Level:
Good for All Skill Levels

Solution Area:
Search Language

Splunk Enterprise

Presentation Overview:
From one of the most active contributors to Splunk Answers and the IRC channel, this session covers those less popular but still super powerful commands, such as “map”, “xyseries”, “contingency” and others. This session also showcases tricks such as “eval host_{host} = Value” to dynamically create fields based on other field values, and searches that show concurrency based on start/end times within an event (using gentimes).

For the full recoding, check out Using Lesser Known Commands in Splunk Search Processing Language (SPL).

(This presentation also has one of my favorite disclaimers – slide 2 – with the Most Interesting Man in the World).