Machine data -> [interpret] -> Visualisation
https://splunk4rookies.com/3052/self_register/
Map reduce
Universal Forwarder
TODO
Setup
App -> Add data -> From source -> add source type (for parsing) -> Done -> Search/Analysis
Search : Search Processing Language (SPL), a pipelined data processing language
Search Processing Language
Extract Field : Define a field with certain criteria (regexp), so that we can use the field name for search later
Apply whatever filter is needed in Search, namely count and stats
count
stats
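The extract-field, filter, count pipeline described above, emulated in Python as an added example (not code from the original notes). The sample events, the regex and the field names `action`, `user` and `src_ip` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample events (sshd-style auth lines plus one unrelated line).
EVENTS = [
    "Jan 10 10:00:01 web1 sshd[311]: Failed password for root from 203.0.113.7 port 4022 ssh2",
    "Jan 10 10:00:03 web1 sshd[311]: Failed password for admin from 203.0.113.7 port 4023 ssh2",
    "Jan 10 10:00:09 web1 sshd[312]: Accepted password for alice from 198.51.100.4 port 5100 ssh2",
    "Jan 10 10:01:15 web1 sshd[313]: Failed password for root from 192.0.2.55 port 6001 ssh2",
    "Jan 10 10:01:20 web1 CRON[400]: session opened for user root",
]

# Field definition: each named group becomes a searchable field name.
# Roughly the same idea in SPL (assumed search, not from the notes):
#   ... | rex "(?<action>Failed|Accepted) password for (?<user>\S+) from (?<src_ip>\S+)"
#       | search action=Failed | stats count by src_ip
FIELD_RE = re.compile(
    r"(?P<action>Failed|Accepted) password for (?P<user>\S+) from (?P<src_ip>\S+)"
)

def extract_fields(raw):
    """Return the event as a dict: the raw text plus any extracted fields."""
    fields = {"_raw": raw}
    match = FIELD_RE.search(raw)
    if match:
        fields.update(match.groupdict())
    return fields

def search(events, **criteria):
    """Pipeline stage 1: keep events whose extracted fields equal the criteria."""
    for raw in events:
        event = extract_fields(raw)
        if all(event.get(name) == value for name, value in criteria.items()):
            yield event

def stats_count_by(events, field):
    """Pipeline stage 2: count events per field value.
    Events where the field was never extracted are left out of the result."""
    return Counter(event[field] for event in events if field in event)

def failed_logins_by_source(events=EVENTS):
    """Filter on the extracted field, then aggregate on another one."""
    return stats_count_by(search(events, action="Failed"), "src_ip")

if __name__ == "__main__":
    for src_ip, count in failed_logins_by_source().most_common():
        print(src_ip, count)
```

The CRON line matches no field definition, so it has no `action` field and never shows up in a grouped count, which is why a total taken from grouped counts can be lower than the number of raw events.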
Tech debt
Runway : Contract first, Strict automation test for Trust, Independence, Unit test, Contribute Guide, Consider all usage