1
Q
Best practices (5)
A
Limit searches by time (most recent or in a window)
More precise searches (similar to longest prefix)
Inclusion better than exclusion (and better than not)
Apply filtering
Use multiple indexes to segregate data
2
Q
Time abbreviations
A
s: seconds
m: minutes
h: hours
d: days
w: weeks
mon: month
y: year
3
Q
Time abbreviation @ symbol
A
rounds down to nearest time unit
-30m@h for 9:37 gives you 9:00-937
4
Q
Time search strings (2)
A
Earliest
Latest
5
Q
Most efficient way to filter events
A
By time
Splunk Fundamentals 1
flashcards
Decks in class (14)
# Cards
-
Module 1: Machine Data3
-
Module 2: What is Splunk?13
-
Module 3: Installing Splunk6
-
Module 4: Getting Data In5
-
Module 5: Basic Searching18
-
Module 6: Using Fields8
-
Module 7: Best Practices5
-
Module 8: SPL Fundamentals16
-
Module 9: Transforming Commands11
-
Module 10: Reports and Dashboards6
-
Module 11: Pivots and Datasets6
-
Module 12: Lookups8
-
Module 13: Scheduled Reports and Alerts9
-
RFI4
