Splunk Enterprise 6.1: Embedded Reports

Splunk 6.1 is here and I’m loving it.

For those who haven’t read through the release notes yet and jumped on the “Embedded reports” feature, I wanted to walk you through it and show you just how easy it is. Go to splunk.com and download Splunk 6.1. While you’re there, go over to the Apps community and get this bad boy: Splunk Enterprise 6.1 Overview.

Once you fire it up, your Splunk home screen should look like this.

[Screenshot: Splunk home screen with the Splunk Enterprise 6.1 Overview app installed]

In addition to giving you a tour of the new key features, the Splunk Enterprise 6.1 Overview app includes some data already assigned to index=sfpd.  I’ll use that data and make a simple search that will form the basis of …


Search Command> stats, eventstats and streamstats

Getting started with stats, eventstats and streamstats

When I first joined Splunk, like many newbies I needed direction on where to start. Someone gave me some excellent advice:

“Learn the stats and eval commands.”

Putting eval aside for another blog post, let’s examine the stats command. It never ceases to amaze me how many Splunkers are stuck in the “super grep” stage. They just use Splunk to search (happily, I might add) for keywords and phrases over many sources of machine data. Hopefully this will help advance some folks beyond “super grep” as well as assist those who may be new to Splunk.

When you dive into Splunk’s excellent documentation, you will find that the stats command has a couple …
