In the previous chapter, you learned how to extract fields from Splunk using delimiters and regular expressions to create macros and field aliases. You also performed a few Search Processing Language commands to improve retention rates. In this chapter, you deal with Splunk tags and lookups and create various reports and alerts. Splunk tags are names that you assign to a specific field and value combination. Splunk lookups enhance data by adding a field-value combination from any external data source. Reports are saved search results, ...
Get Splunk Certified Study Guide: Prepare for the User, Power User, and Enterprise Admin Certifications now with the O’Reilly learning platform.