SlideShare a Scribd company logo

SplunkLive Wellington 2015 - New Features, Pivot and Search Dojo

Splunk
Splunk

Splunk Enterprise - new features, pivot and search dojo

Data & Analytics
1 of 17
Download to read offline
New  Features,  Pivot  and  Search  Dojo   David  Anso   Technical  Enablement  Manager,  GKC  
2   Safe  Harbor  Statement   During   the   course   of   this   presentaDon,   we   may   make   forward   looking   statements   regarding   future   events  or  the  expected  performance  of  the  company.  We  cauDon  you  that  such  statements  reflect  our   current  expectaDons  and  esDmates  based  on  factors  currently  known  to  us  and  that  actual  events  or   results  could  differ  materially.  For  important  factors  that  may  cause  actual  results  to  differ  from  those   contained  in  our  forward-­‐looking  statements,  please  review  our  filings  with  the  SEC.    The  forward-­‐looking   statements  made  in  this  presentaDon  are  being  made  as  of  the  Dme  and  date  of  its  live  presentaDon.   If  reviewed  aOer  its  live  presentaDon,  this  presentaDon  may  not  contain  current  or  accurate  informaDon.     We  do  not  assume  any  obligaDon  to  update  any  forward  looking  statements  we  may  make.    In  addiDon,   any  informaDon  about  our  roadmap  outlines  our  general  product  direcDon  and  is  subject  to  change  at   any  Dme  without  noDce.  It  is  for  informaDonal  purposes  only  and  shall  not  be  incorporated  into  any   contract   or   other   commitment.   Splunk   undertakes   no   obligaDon   either   to   develop   the   features   or   funcDonality  described  or  to  include  any  such  feature  or  funcDonality  in  a  future  release.  
New  Features   Pivot   Search  Dojo   AGENDA
6.3  New  Features  
5   New  Features   Demo:  Splunk  6.3  Overview  App  
Pivot  
7   Pivot   Demo:  Instant  Pivot  
8   Pivot   Demo:  Instant  Pivot     Pivot  Tutorial  
9   Pivot   Demo:  Instant  Pivot     Pivot  Tutorial     Splunk  CIM  Data  Model  
Search  Dojo  
11   Search  Dojo   Comment  your  search:     sourcetype=access_combined | eval COMMENT="Examine all web logs" sourcetype=access_combined_wcookie | rename COMMENT AS "Examine all web logs"
12   Search  Dojo  
13   Search  Dojo  
14   Search  Dojo   Use  a  subsearch  to  improve  performance.     sourcetype=access_combined [|inputlookup ip_watchlist.csv | search type=malicious | fields clientip ]
15   Search  Dojo   Use  a  subsearch  to  search  for  text  rather  than  a  field.     sourcetype=access_combined [|inputlookup ip_watchlist.csv | search type=malicious | fields clientip | rename clientip as query ]
16   Search  Dojo   Issues  with  the  subsearch  approach:     Subsearches  have  a  limit  of  10,000  results.    If  there  are   more  result  for  the  subsearch,  only  10,000  of  them  will   make  it  through.     While  searching  text  may  prove  faster,  it  will  prevent   you  matching  any  field  values  that  are  created  by   calculated  fields,  lookups,  etc.
17   Search  Dojo   Ensuring  your  search  returns  a  result:   | inputlookup malwaredomains.csv |head 10 | append [ |stats count | eval domain="splunk.com" | eval category="exploits" | eval isbad="false" | eval reference="Test match to ensure results from search" ]

Recommended

6. Requirements Management, Macadamian - Sona Sahakyan
6. Requirements Management, Macadamian - Sona Sahakyan6. Requirements Management, Macadamian - Sona Sahakyan
6. Requirements Management, Macadamian - Sona Sahakyan
Arevik Harutyunyan
 
Interview with Issam Lahlali, one of the CppDepend tool creators
Interview with Issam Lahlali, one of the CppDepend tool creatorsInterview with Issam Lahlali, one of the CppDepend tool creators
Interview with Issam Lahlali, one of the CppDepend tool creators
PVS-Studio
 
Consumer-driven contracts with Pact and PHP
Consumer-driven contracts with Pact and PHPConsumer-driven contracts with Pact and PHP
Consumer-driven contracts with Pact and PHP
Andy Kelk
 
Consumer Driven Contracts and Your Microservice Architecture
Consumer Driven Contracts and Your Microservice ArchitectureConsumer Driven Contracts and Your Microservice Architecture
Consumer Driven Contracts and Your Microservice Architecture
Marcin Grzejszczak
 
Microservices: Consumer Driven Contracts in Practice
Microservices: Consumer Driven Contracts in PracticeMicroservices: Consumer Driven Contracts in Practice
Microservices: Consumer Driven Contracts in Practice
Qaiser Mazhar
 
vodQA(Pune) 2018 - Consumer driven contract testing using pact
vodQA(Pune) 2018 - Consumer driven contract testing using pactvodQA(Pune) 2018 - Consumer driven contract testing using pact
vodQA(Pune) 2018 - Consumer driven contract testing using pact
vodQA
 
Courier Live May Product Release Notes
Courier Live May Product Release NotesCourier Live May Product Release Notes
Courier Live May Product Release Notes
Letterdrop
 
Salesforce Developer Workshop for GDF Suez Hackathon
Salesforce Developer Workshop for GDF Suez HackathonSalesforce Developer Workshop for GDF Suez Hackathon
Salesforce Developer Workshop for GDF Suez Hackathon
Peter Chittum
 

Recommended

6. Requirements Management, Macadamian - Sona Sahakyan
6. Requirements Management, Macadamian - Sona Sahakyan6. Requirements Management, Macadamian - Sona Sahakyan
6. Requirements Management, Macadamian - Sona Sahakyan
Arevik Harutyunyan
 
Interview with Issam Lahlali, one of the CppDepend tool creators
Interview with Issam Lahlali, one of the CppDepend tool creatorsInterview with Issam Lahlali, one of the CppDepend tool creators
Interview with Issam Lahlali, one of the CppDepend tool creators
PVS-Studio
 
Consumer-driven contracts with Pact and PHP
Consumer-driven contracts with Pact and PHPConsumer-driven contracts with Pact and PHP
Consumer-driven contracts with Pact and PHP
Andy Kelk
 
Consumer Driven Contracts and Your Microservice Architecture
Consumer Driven Contracts and Your Microservice ArchitectureConsumer Driven Contracts and Your Microservice Architecture
Consumer Driven Contracts and Your Microservice Architecture
Marcin Grzejszczak
 
Microservices: Consumer Driven Contracts in Practice
Microservices: Consumer Driven Contracts in PracticeMicroservices: Consumer Driven Contracts in Practice
Microservices: Consumer Driven Contracts in Practice
Qaiser Mazhar
 
vodQA(Pune) 2018 - Consumer driven contract testing using pact
vodQA(Pune) 2018 - Consumer driven contract testing using pactvodQA(Pune) 2018 - Consumer driven contract testing using pact
vodQA(Pune) 2018 - Consumer driven contract testing using pact
vodQA
 
Courier Live May Product Release Notes
Courier Live May Product Release NotesCourier Live May Product Release Notes
Courier Live May Product Release Notes
Letterdrop
 
Salesforce Developer Workshop for GDF Suez Hackathon
Salesforce Developer Workshop for GDF Suez HackathonSalesforce Developer Workshop for GDF Suez Hackathon
Salesforce Developer Workshop for GDF Suez Hackathon
Peter Chittum
 
SplunkLive! Paris 2015 - Auchan
SplunkLive! Paris 2015 - AuchanSplunkLive! Paris 2015 - Auchan
SplunkLive! Paris 2015 - Auchan
Splunk
 
Présentation sur splunk
Présentation sur splunkPrésentation sur splunk
Présentation sur splunk
Najib Ihsine
 
Splunk
SplunkSplunk
Splunk
Bruno Bonfils
 
QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk
M sharifi
 
HP ArcSight
HP ArcSight HP ArcSight
HP ArcSight
Mohamed Zohair
 
Investigation de cybersécurité avec Splunk
Investigation de cybersécurité avec SplunkInvestigation de cybersécurité avec Splunk
Investigation de cybersécurité avec Splunk
Ibrahimous
 
Throw Your Future Self a Lifeline with a Little DevOps Data!
Throw Your Future Self a Lifeline with a Little DevOps Data!Throw Your Future Self a Lifeline with a Little DevOps Data!
Throw Your Future Self a Lifeline with a Little DevOps Data!
merbla
 
Splunk in Target: Internet of Things (Robot Analytics)
Splunk in Target: Internet of Things (Robot Analytics)Splunk in Target: Internet of Things (Robot Analytics)
Splunk in Target: Internet of Things (Robot Analytics)
Timur Bagirov
 
Splunk for net developers
Splunk for net developersSplunk for net developers
Splunk for net developers
Glenn Block
 
Finding relevant results faster with Elasticsearch
Finding relevant results faster with ElasticsearchFinding relevant results faster with Elasticsearch
Finding relevant results faster with Elasticsearch
Elasticsearch
 
Splunk in Otto: Business Analytics
Splunk in Otto: Business Analytics Splunk in Otto: Business Analytics
Splunk in Otto: Business Analytics
Timur Bagirov
 
SplunkLive! Stockholm 2015 breakout - Splunk IT Service Intelligence
SplunkLive! Stockholm 2015 breakout - Splunk IT Service IntelligenceSplunkLive! Stockholm 2015 breakout - Splunk IT Service Intelligence
SplunkLive! Stockholm 2015 breakout - Splunk IT Service Intelligence
Splunk
 
What's new at Elastic: Update on major initiatives and releases
What's new at Elastic: Update on major initiatives and releasesWhat's new at Elastic: Update on major initiatives and releases
What's new at Elastic: Update on major initiatives and releases
Elasticsearch
 
Building great search experiences
Building great search experiencesBuilding great search experiences
Building great search experiences
Elasticsearch
 
Elastic Observability keynote
Elastic Observability keynoteElastic Observability keynote
Elastic Observability keynote
Elasticsearch
 
SplunkSummit 2015 - Introduction to ITSI
SplunkSummit 2015 - Introduction to ITSISplunkSummit 2015 - Introduction to ITSI
SplunkSummit 2015 - Introduction to ITSI
Splunk
 
SplunkLive! Analytics with Splunk Enterprise - Part 1
SplunkLive! Analytics with Splunk Enterprise - Part 1SplunkLive! Analytics with Splunk Enterprise - Part 1
SplunkLive! Analytics with Splunk Enterprise - Part 1
Splunk
 
Polymorphic Table Functions: The Best Way to Integrate SQL and Apache Spark
Polymorphic Table Functions: The Best Way to Integrate SQL and Apache SparkPolymorphic Table Functions: The Best Way to Integrate SQL and Apache Spark
Polymorphic Table Functions: The Best Way to Integrate SQL and Apache Spark
Databricks
 
Salesforce Spring'15 release overview
Salesforce Spring'15 release overviewSalesforce Spring'15 release overview
Salesforce Spring'15 release overview
Rakesh Gupta
 
You've Made Kubernetes Available to Your Developers, Now What?
You've Made Kubernetes Available to Your Developers, Now What?You've Made Kubernetes Available to Your Developers, Now What?
You've Made Kubernetes Available to Your Developers, Now What?
cornelia davis
 
Building einstein analytics apps uk-compressed
Building einstein analytics apps uk-compressedBuilding einstein analytics apps uk-compressed
Building einstein analytics apps uk-compressed
rikkehovgaard
 
Public sector keynote
Public sector keynotePublic sector keynote
Public sector keynote
Elasticsearch
 

More Related Content

Viewers also liked

Viewers also liked (6)

SplunkLive! Paris 2015 - Auchan
SplunkLive! Paris 2015 - AuchanSplunkLive! Paris 2015 - Auchan
SplunkLive! Paris 2015 - Auchan
 
Présentation sur splunk
Présentation sur splunkPrésentation sur splunk
Présentation sur splunk
 
Splunk
SplunkSplunk
Splunk
 
QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk
 
HP ArcSight
HP ArcSight HP ArcSight
HP ArcSight
 
Investigation de cybersécurité avec Splunk
Investigation de cybersécurité avec SplunkInvestigation de cybersécurité avec Splunk
Investigation de cybersécurité avec Splunk
 

Similar to SplunkLive Wellington 2015 - New Features, Pivot and Search Dojo

Throw Your Future Self a Lifeline with a Little DevOps Data!
Throw Your Future Self a Lifeline with a Little DevOps Data!Throw Your Future Self a Lifeline with a Little DevOps Data!
Throw Your Future Self a Lifeline with a Little DevOps Data!
merbla
 
SplunkLive! Analytics with Splunk Enterprise - Part 1
SplunkLive! Analytics with Splunk Enterprise - Part 1SplunkLive! Analytics with Splunk Enterprise - Part 1
SplunkLive! Analytics with Splunk Enterprise - Part 1
Splunk
 
Polymorphic Table Functions: The Best Way to Integrate SQL and Apache Spark
Polymorphic Table Functions: The Best Way to Integrate SQL and Apache SparkPolymorphic Table Functions: The Best Way to Integrate SQL and Apache Spark
Polymorphic Table Functions: The Best Way to Integrate SQL and Apache Spark
Databricks
 
You've Made Kubernetes Available to Your Developers, Now What?
You've Made Kubernetes Available to Your Developers, Now What?You've Made Kubernetes Available to Your Developers, Now What?
You've Made Kubernetes Available to Your Developers, Now What?
cornelia davis
 
Spring '16 Release Preview Webinar
Spring '16 Release Preview Webinar Spring '16 Release Preview Webinar
Spring '16 Release Preview Webinar
Salesforce Developers
 
Spring '14 Release Developer Preview Webinar
Spring '14 Release Developer Preview WebinarSpring '14 Release Developer Preview Webinar
Spring '14 Release Developer Preview Webinar
Salesforce Developers
 

Similar to SplunkLive Wellington 2015 - New Features, Pivot and Search Dojo (20)

Throw Your Future Self a Lifeline with a Little DevOps Data!
Throw Your Future Self a Lifeline with a Little DevOps Data!Throw Your Future Self a Lifeline with a Little DevOps Data!
Throw Your Future Self a Lifeline with a Little DevOps Data!
 
Splunk in Target: Internet of Things (Robot Analytics)
Splunk in Target: Internet of Things (Robot Analytics)Splunk in Target: Internet of Things (Robot Analytics)
Splunk in Target: Internet of Things (Robot Analytics)
 
Splunk for net developers
Splunk for net developersSplunk for net developers
Splunk for net developers
 
Finding relevant results faster with Elasticsearch
Finding relevant results faster with ElasticsearchFinding relevant results faster with Elasticsearch
Finding relevant results faster with Elasticsearch
 
Splunk in Otto: Business Analytics
Splunk in Otto: Business Analytics Splunk in Otto: Business Analytics
Splunk in Otto: Business Analytics
 
SplunkLive! Stockholm 2015 breakout - Splunk IT Service Intelligence
SplunkLive! Stockholm 2015 breakout - Splunk IT Service IntelligenceSplunkLive! Stockholm 2015 breakout - Splunk IT Service Intelligence
SplunkLive! Stockholm 2015 breakout - Splunk IT Service Intelligence
 
What's new at Elastic: Update on major initiatives and releases
What's new at Elastic: Update on major initiatives and releasesWhat's new at Elastic: Update on major initiatives and releases
What's new at Elastic: Update on major initiatives and releases
 
Building great search experiences
Building great search experiencesBuilding great search experiences
Building great search experiences
 
Elastic Observability keynote
Elastic Observability keynoteElastic Observability keynote
Elastic Observability keynote
 
SplunkSummit 2015 - Introduction to ITSI
SplunkSummit 2015 - Introduction to ITSISplunkSummit 2015 - Introduction to ITSI
SplunkSummit 2015 - Introduction to ITSI
 
SplunkLive! Analytics with Splunk Enterprise - Part 1
SplunkLive! Analytics with Splunk Enterprise - Part 1SplunkLive! Analytics with Splunk Enterprise - Part 1
SplunkLive! Analytics with Splunk Enterprise - Part 1
 
Polymorphic Table Functions: The Best Way to Integrate SQL and Apache Spark
Polymorphic Table Functions: The Best Way to Integrate SQL and Apache SparkPolymorphic Table Functions: The Best Way to Integrate SQL and Apache Spark
Polymorphic Table Functions: The Best Way to Integrate SQL and Apache Spark
 
Salesforce Spring'15 release overview
Salesforce Spring'15 release overviewSalesforce Spring'15 release overview
Salesforce Spring'15 release overview
 
You've Made Kubernetes Available to Your Developers, Now What?
You've Made Kubernetes Available to Your Developers, Now What?You've Made Kubernetes Available to Your Developers, Now What?
You've Made Kubernetes Available to Your Developers, Now What?
 
Building einstein analytics apps uk-compressed
Building einstein analytics apps uk-compressedBuilding einstein analytics apps uk-compressed
Building einstein analytics apps uk-compressed
 
Public sector keynote
Public sector keynotePublic sector keynote
Public sector keynote
 
Spring '16 Release Preview Webinar
Spring '16 Release Preview Webinar Spring '16 Release Preview Webinar
Spring '16 Release Preview Webinar
 
Spring '14 Release Developer Preview Webinar
Spring '14 Release Developer Preview WebinarSpring '14 Release Developer Preview Webinar
Spring '14 Release Developer Preview Webinar
 
Real-Time Analytics
Real-Time AnalyticsReal-Time Analytics
Real-Time Analytics
 
Service intelligence hands on workshop
Service intelligence hands on workshopService intelligence hands on workshop
Service intelligence hands on workshop
 

More from Splunk

SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
Splunk
 

More from Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Recently uploaded

一比一原版西悉尼大学毕业证成绩单如何办理
一比一原版西悉尼大学毕业证成绩单如何办理一比一原版西悉尼大学毕业证成绩单如何办理
一比一原版西悉尼大学毕业证成绩单如何办理
pyhepag
 
如何办理哥伦比亚大学毕业证(Columbia毕业证)成绩单原版一比一
如何办理哥伦比亚大学毕业证(Columbia毕业证)成绩单原版一比一如何办理哥伦比亚大学毕业证(Columbia毕业证)成绩单原版一比一
如何办理哥伦比亚大学毕业证(Columbia毕业证)成绩单原版一比一
fztigerwe
 
如何办理滑铁卢大学毕业证(Waterloo毕业证)成绩单本科学位证原版一比一
如何办理滑铁卢大学毕业证(Waterloo毕业证)成绩单本科学位证原版一比一如何办理滑铁卢大学毕业证(Waterloo毕业证)成绩单本科学位证原版一比一
如何办理滑铁卢大学毕业证(Waterloo毕业证)成绩单本科学位证原版一比一
0uyfyq0q4
 
Abortion pills in Dammam Saudi Arabia// +966572737505 // buy cytotec
Abortion pills in Dammam Saudi Arabia// +966572737505 // buy cytotecAbortion pills in Dammam Saudi Arabia// +966572737505 // buy cytotec
Abortion pills in Dammam Saudi Arabia// +966572737505 // buy cytotec
Abortion pills in Riyadh +966572737505 get cytotec
 
Fuzzy Sets decision making under information of uncertainty
Fuzzy Sets decision making under information of uncertaintyFuzzy Sets decision making under information of uncertainty
Fuzzy Sets decision making under information of uncertainty
RafigAliyev2
 
Toko Jual Viagra Asli Di Salatiga 081229400522 Obat Kuat Viagra
Toko Jual Viagra Asli Di Salatiga 081229400522 Obat Kuat ViagraToko Jual Viagra Asli Di Salatiga 081229400522 Obat Kuat Viagra
Toko Jual Viagra Asli Di Salatiga 081229400522 Obat Kuat Viagra
adet6151
 
如何办理澳洲悉尼大学毕业证(USYD毕业证书)学位证成绩单原版一比一
如何办理澳洲悉尼大学毕业证(USYD毕业证书)学位证成绩单原版一比一如何办理澳洲悉尼大学毕业证(USYD毕业证书)学位证成绩单原版一比一
如何办理澳洲悉尼大学毕业证(USYD毕业证书)学位证成绩单原版一比一
hwhqz6r1y
 
1:1原版定制伦敦政治经济学院毕业证(LSE毕业证)成绩单学位证书留信学历认证
1:1原版定制伦敦政治经济学院毕业证(LSE毕业证)成绩单学位证书留信学历认证1:1原版定制伦敦政治经济学院毕业证(LSE毕业证)成绩单学位证书留信学历认证
1:1原版定制伦敦政治经济学院毕业证(LSE毕业证)成绩单学位证书留信学历认证
dq9vz1isj
 
一比一原版纽卡斯尔大学毕业证成绩单如何办理
一比一原版纽卡斯尔大学毕业证成绩单如何办理一比一原版纽卡斯尔大学毕业证成绩单如何办理
一比一原版纽卡斯尔大学毕业证成绩单如何办理
cyebo
 
edited gordis ebook sixth edition david d.pdf
edited gordis ebook sixth edition david d.pdfedited gordis ebook sixth edition david d.pdf
edited gordis ebook sixth edition david d.pdf
great91
 
Audience Researchndfhcvnfgvgbhujhgfv.pptx
Audience Researchndfhcvnfgvgbhujhgfv.pptxAudience Researchndfhcvnfgvgbhujhgfv.pptx
Audience Researchndfhcvnfgvgbhujhgfv.pptx
Stephen266013
 

Recently uploaded (20)

How I opened a fake bank account and didn't go to prison
How I opened a fake bank account and didn't go to prisonHow I opened a fake bank account and didn't go to prison
How I opened a fake bank account and didn't go to prison
 
一比一原版西悉尼大学毕业证成绩单如何办理
一比一原版西悉尼大学毕业证成绩单如何办理一比一原版西悉尼大学毕业证成绩单如何办理
一比一原版西悉尼大学毕业证成绩单如何办理
 
AI Imagen for data-storytelling Infographics.pdf
AI Imagen for data-storytelling Infographics.pdfAI Imagen for data-storytelling Infographics.pdf
AI Imagen for data-storytelling Infographics.pdf
 
如何办理哥伦比亚大学毕业证(Columbia毕业证)成绩单原版一比一
如何办理哥伦比亚大学毕业证(Columbia毕业证)成绩单原版一比一如何办理哥伦比亚大学毕业证(Columbia毕业证)成绩单原版一比一
如何办理哥伦比亚大学毕业证(Columbia毕业证)成绩单原版一比一
 
如何办理滑铁卢大学毕业证(Waterloo毕业证)成绩单本科学位证原版一比一
如何办理滑铁卢大学毕业证(Waterloo毕业证)成绩单本科学位证原版一比一如何办理滑铁卢大学毕业证(Waterloo毕业证)成绩单本科学位证原版一比一
如何办理滑铁卢大学毕业证(Waterloo毕业证)成绩单本科学位证原版一比一
 
Abortion pills in Dammam Saudi Arabia// +966572737505 // buy cytotec
Abortion pills in Dammam Saudi Arabia// +966572737505 // buy cytotecAbortion pills in Dammam Saudi Arabia// +966572737505 // buy cytotec
Abortion pills in Dammam Saudi Arabia// +966572737505 // buy cytotec
 
Fuzzy Sets decision making under information of uncertainty
Fuzzy Sets decision making under information of uncertaintyFuzzy Sets decision making under information of uncertainty
Fuzzy Sets decision making under information of uncertainty
 
Toko Jual Viagra Asli Di Salatiga 081229400522 Obat Kuat Viagra
Toko Jual Viagra Asli Di Salatiga 081229400522 Obat Kuat ViagraToko Jual Viagra Asli Di Salatiga 081229400522 Obat Kuat Viagra
Toko Jual Viagra Asli Di Salatiga 081229400522 Obat Kuat Viagra
 
Data Visualization Exploring and Explaining with Data 1st Edition by Camm sol...
Data Visualization Exploring and Explaining with Data 1st Edition by Camm sol...Data Visualization Exploring and Explaining with Data 1st Edition by Camm sol...
Data Visualization Exploring and Explaining with Data 1st Edition by Camm sol...
 
如何办理澳洲悉尼大学毕业证(USYD毕业证书)学位证成绩单原版一比一
如何办理澳洲悉尼大学毕业证(USYD毕业证书)学位证成绩单原版一比一如何办理澳洲悉尼大学毕业证(USYD毕业证书)学位证成绩单原版一比一
如何办理澳洲悉尼大学毕业证(USYD毕业证书)学位证成绩单原版一比一
 
How to Transform Clinical Trial Management with Advanced Data Analytics
How to Transform Clinical Trial Management with Advanced Data AnalyticsHow to Transform Clinical Trial Management with Advanced Data Analytics
How to Transform Clinical Trial Management with Advanced Data Analytics
 
1:1原版定制伦敦政治经济学院毕业证(LSE毕业证)成绩单学位证书留信学历认证
1:1原版定制伦敦政治经济学院毕业证(LSE毕业证)成绩单学位证书留信学历认证1:1原版定制伦敦政治经济学院毕业证(LSE毕业证)成绩单学位证书留信学历认证
1:1原版定制伦敦政治经济学院毕业证(LSE毕业证)成绩单学位证书留信学历认证
 
一比一原版纽卡斯尔大学毕业证成绩单如何办理
一比一原版纽卡斯尔大学毕业证成绩单如何办理一比一原版纽卡斯尔大学毕业证成绩单如何办理
一比一原版纽卡斯尔大学毕业证成绩单如何办理
 
2024 Q2 Orange County (CA) Tableau User Group Meeting
2024 Q2 Orange County (CA) Tableau User Group Meeting2024 Q2 Orange County (CA) Tableau User Group Meeting
2024 Q2 Orange County (CA) Tableau User Group Meeting
 
edited gordis ebook sixth edition david d.pdf
edited gordis ebook sixth edition david d.pdfedited gordis ebook sixth edition david d.pdf
edited gordis ebook sixth edition david d.pdf
 
Audience Researchndfhcvnfgvgbhujhgfv.pptx
Audience Researchndfhcvnfgvgbhujhgfv.pptxAudience Researchndfhcvnfgvgbhujhgfv.pptx
Audience Researchndfhcvnfgvgbhujhgfv.pptx
 
Genuine love spell caster )! ,+27834335081) Ex lover back permanently in At...
Genuine love spell caster )! ,+27834335081) Ex lover back permanently in At...Genuine love spell caster )! ,+27834335081) Ex lover back permanently in At...
Genuine love spell caster )! ,+27834335081) Ex lover back permanently in At...
 
123.docx. .
123.docx. .123.docx. .
123.docx. .
 
ℂall Girls Kashmiri Gate ℂall Now Chhaya ☎ 9899900591 WhatsApp Number 24/7
ℂall Girls Kashmiri Gate ℂall Now Chhaya ☎ 9899900591 WhatsApp Number 24/7ℂall Girls Kashmiri Gate ℂall Now Chhaya ☎ 9899900591 WhatsApp Number 24/7
ℂall Girls Kashmiri Gate ℂall Now Chhaya ☎ 9899900591 WhatsApp Number 24/7
 
2024 Q1 Tableau User Group Leader Quarterly Call
2024 Q1 Tableau User Group Leader Quarterly Call2024 Q1 Tableau User Group Leader Quarterly Call
2024 Q1 Tableau User Group Leader Quarterly Call
 

SplunkLive Wellington 2015 - New Features, Pivot and Search Dojo

  • 1. New  Features,  Pivot  and  Search  Dojo   David  Anso   Technical  Enablement  Manager,  GKC  
  • 2. 2   Safe  Harbor  Statement   During   the   course   of   this   presentaDon,   we   may   make   forward   looking   statements   regarding   future   events  or  the  expected  performance  of  the  company.  We  cauDon  you  that  such  statements  reflect  our   current  expectaDons  and  esDmates  based  on  factors  currently  known  to  us  and  that  actual  events  or   results  could  differ  materially.  For  important  factors  that  may  cause  actual  results  to  differ  from  those   contained  in  our  forward-­‐looking  statements,  please  review  our  filings  with  the  SEC.    The  forward-­‐looking   statements  made  in  this  presentaDon  are  being  made  as  of  the  Dme  and  date  of  its  live  presentaDon.   If  reviewed  aOer  its  live  presentaDon,  this  presentaDon  may  not  contain  current  or  accurate  informaDon.     We  do  not  assume  any  obligaDon  to  update  any  forward  looking  statements  we  may  make.    In  addiDon,   any  informaDon  about  our  roadmap  outlines  our  general  product  direcDon  and  is  subject  to  change  at   any  Dme  without  noDce.  It  is  for  informaDonal  purposes  only  and  shall  not  be  incorporated  into  any   contract   or   other   commitment.   Splunk   undertakes   no   obligaDon   either   to   develop   the   features   or   funcDonality  described  or  to  include  any  such  feature  or  funcDonality  in  a  future  release.  
  • 3. New  Features   Pivot   Search  Dojo   AGENDA
  • 5. 5   New  Features   Demo:  Splunk  6.3  Overview  App  
  • 7. 7   Pivot   Demo:  Instant  Pivot  
  • 8. 8   Pivot   Demo:  Instant  Pivot     Pivot  Tutorial  
  • 9. 9   Pivot   Demo:  Instant  Pivot     Pivot  Tutorial     Splunk  CIM  Data  Model  
  • 11. 11   Search  Dojo   Comment  your  search:     sourcetype=access_combined | eval COMMENT="Examine all web logs" sourcetype=access_combined_wcookie | rename COMMENT AS "Examine all web logs"
  • 14. 14   Search  Dojo   Use  a  subsearch  to  improve  performance.     sourcetype=access_combined [|inputlookup ip_watchlist.csv | search type=malicious | fields clientip ]
  • 15. 15   Search  Dojo   Use  a  subsearch  to  search  for  text  rather  than  a  field.     sourcetype=access_combined [|inputlookup ip_watchlist.csv | search type=malicious | fields clientip | rename clientip as query ]
  • 16. 16   Search  Dojo   Issues  with  the  subsearch  approach:     Subsearches  have  a  limit  of  10,000  results.    If  there  are   more  result  for  the  subsearch,  only  10,000  of  them  will   make  it  through.     While  searching  text  may  prove  faster,  it  will  prevent   you  matching  any  field  values  that  are  created  by   calculated  fields,  lookups,  etc.
  • 17. 17   Search  Dojo   Ensuring  your  search  returns  a  result:   | inputlookup malwaredomains.csv |head 10 | append [ |stats count | eval domain="splunk.com" | eval category="exploits" | eval isbad="false" | eval reference="Test match to ensure results from search" ]