Creating and scheduling reports

In this chapter, you have learned three very important things: classifying raw events using Event Types, classifying data using Tags, and enriching data using Lookups. These, in addition to good SPL, constitute essential elements you need to use Splunk in an efficient manner.

Splunk reports are saved searches which can be shared to others or used as a dashboard panel. Reports can be scheduled periodically and perform an action upon completion, such as sending an email with the report results.

Reports can be configured to display search results in a statistical table, as well as visualization charts. A report is created using the search command line or through a Pivot. Here we will create a report using the ...

Get Splunk 7 Essentials - Third Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.