Wk-notes-12-6-splunk

Splunk

Universal Forwarder

  • TODO

Setup

App -> Add data -> From source -> Add source type (for parsing) -> Done -> Search/Analysis

Search: Search Processing Language (SPL), a pipelined data-processing language

Extract Field: Define a field with certain criteria (regexp), so that the field name can be used in searches later

  • Do whatever filtering is needed in Search, namely count stats

    Tech debt

    Runway : Contract first, Strict automation test for Trust, Independence, Unit test, Contribute Guide, Consider all usage
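The Extract Field step above (regexp-defined fields, then filter and count stats), sketched as an added example that is not part of the original notes. The sample events are constructed, and the helper names `extract`, `search` and `stats_count_by` are hypothetical stand-ins for the corresponding search-pipeline stages.

```python
import re
from collections import Counter

# Constructed sample events (not from the original notes), sshd auth-log style.
EVENTS = [
    "Dec  6 10:01:02 host1 sshd[811]: Failed password for root from 203.0.113.7 port 4111 ssh2",
    "Dec  6 10:01:05 host1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 4112 ssh2",
    "Dec  6 10:02:10 host1 sshd[830]: Accepted password for alice from 198.51.100.4 port 5000 ssh2",
    "Dec  6 10:03:44 host1 sshd[842]: Failed password for alice from 198.51.100.4 port 5001 ssh2",
    "Dec  6 10:04:00 host1 sshd[850]: Failed password for root from 203.0.113.7 port 4113 ssh2",
    "Dec  6 10:05:00 host1 CRON[900]: session opened for user root",
]

# Field definition: each named group becomes a field name.
# Splunk writes (?<name>...); Python's re module writes (?P<name>...).
FIELDS = re.compile(
    r"(?P<action>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src_ip>\d{1,3}(?:\.\d{1,3}){3})"
)

def extract(event):
    """Return the extracted fields for one event, or {} if the pattern does not match."""
    m = FIELDS.search(event)
    return m.groupdict() if m else {}

def search(events, **criteria):
    """Filter stage: keep events that yielded fields and match every criterion."""
    for ev in events:
        fields = extract(ev)
        if fields and all(fields.get(k) == v for k, v in criteria.items()):
            yield fields

def stats_count_by(rows, *by):
    """Aggregation stage: count rows per distinct combination of the `by` fields."""
    return Counter(tuple(r[f] for f in by) for r in rows)

if __name__ == "__main__":
    # Rough SPL equivalent:
    #   ... | rex "<pattern>" | search action=Failed | stats count by src_ip
    failed = stats_count_by(search(EVENTS, action="Failed"), "src_ip")
    for (ip,), n in failed.most_common():
        print(ip, n)
```

Events that the pattern does not match (the CRON line here) produce no fields and drop out of any field-based search, which is why a too-narrow extraction regexp silently undercounts.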
