Chapter 6. Extending Search
In this chapter, we will look at some of the features that Splunk provides to go beyond its already powerful search language. We will cover the following with the help of examples:
- Tags and event types that help you categorize events, both for search and reporting
- Lookups that allow you to add external fields to events as though they were part of the original data
- Macros that let you reuse snippets of search in powerful ways
- Workflow actions that let you build searches and links based on field values in an event
- External commands that allow you to use Python code to work with search results
In this chapter, we will investigate a few of the many commands included in Splunk. We will write our own commands in Chapter 12, Extending ...
Get Implementing Splunk: Big Data Reporting and Development for Operational Intelligence now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
