Splunk: How to Build More Effective Searches
Thursday November 30th at 1:00 PM EST
Splunk can be a very effective tool in aggregating data and making it easy to use. Building more effective searches can help to get results more quickly, in both the time it takes for the search results to return and the number of searches it takes to find the desired results. Experience leads to better insight into writing more effective searches, but there are tips to help accelerate the process.
Splunk searches have a lifecycle of their own. Understanding this cycle helps to determine where to improve searches to make them better. When a new version of Splunk is released, there are often improvements to the software. This includes Splunk's Search Processing Language (SPL). The new approach includes the use of "tstats". This and other lesser-known search commands help Splunk become a more versatile tool.
As part of this TekTalk, we will cover:
- The lifecycle of searches
- New SPL in Splunk 7
- Discussion about tstats
- Other lesser-known search commands