Chapter 7. Extending Search
In this chapter, we will look at some of the features that Splunk provides beyond its already powerful search language. We will cover the following, along with the help of examples:
- Tags and event types that help you categorize events, for both search and reporting
- Lookups that allow you to add external fields to events as though they were part of the original data
- Macros that let you reuse snippets of search in powerful ways
- Workflow actions that let you build searches and links based on the field values in an event
- External commands that allow you to use Python code to work with search results
In this chapter, we will investigate a few of the many commands included in Splunk. We will write our own commands in Chapter 13 ...
Get Implementing Splunk - Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
