Summary

In this chapter, we discussed how to format all incoming data into a Splunk-friendly format before indexing, in order to ease search querying and knowledge management going forward.

In the next chapter, we will discuss how to create events, fields, saved searches, and metadata (permissions) on the ingested data. We will also discuss the importance of each knowledge object, along with best practices for, and the importance of, knowledge object creation and management.
