

Splunk software provides a powerful search and analysis engine that helps you to see both the details and the larger patterns in your IT data. When you use Splunk software you do more than look at individual entries in your log files; you leverage the information they hold collectively to find out more about your IT environment.

Splunk software extracts different kinds of knowledge from your IT data (events, fields, timestamps, and so on) to help you harness that information in a better, smarter, more focused way. Some of this information is extracted at index time, as Splunk software indexes your IT data. But the bulk of this information is created at "search time," both by Splunk software and its users. Unlike databases or schema-based analytical tools that decide what information to pull out or analyze beforehand, Splunk software enables you to dynamically extract knowledge from raw data as you need it.

As your organization uses Splunk software, additional categories of Splunk software knowledge objects are created, including event types, tags, lookups, field extractions, workflow actions, and saved searches.

You can think of Splunk software knowledge as a multitool that you use to discover and analyze various aspects of your IT data. For example, event types enable you to quickly and easily classify and group together similar events; you can then use them to perform analytical searches on precisely-defined subgroups of events.

The Knowledge Manager manual shows you how to maintain sets of knowledge objects for your organization through Splunk Web and configuration files, and it demonstrates ways that you can use Splunk knowledge to solve your organization's real-world problems.

Splunk software knowledge is grouped into five categories:

Data interpretation: Fields and field extractions - Fields and field extractions make up the first order of Splunk software knowledge. The fields that Splunk software automatically extracts from your IT data help bring meaning to your raw data, clarifying what can at first glance seem incomprehensible. The fields that you extract manually expand and improve upon this layer of meaning.

Data classification: Event types and transactions - You use event types and transactions to group together interesting sets of similar events. Event types group together sets of events discovered through searches, while transactions are collections of conceptually-related events that span time.

Data enrichment: Lookups and workflow actions - Lookups and workflow actions are categories of knowledge objects that extend the usefulness of your data in various ways.
