Chapter 7. Enriching Data – Lookups and Workflows

In this chapter, we will learn how to augment and enrich the data within Splunk. You will learn about:

  • Looking up product code descriptions
  • Flagging suspect IP addresses
  • Creating a session state table
  • Adding hostnames to IP addresses
  • Searching ARIN for a given IP address
  • Triggering a Google search for a given error
  • Creating a ticket for application errors
  • Looking up inventory from an external database

Introduction

In the previous chapter, you continued to improve your Splunk search and analytical skills by creating highly advanced searches that leveraged more of the deep analytical commands to gain more operational intelligence from the data contained within the logs. In this chapter, you will leverage Splunk's ...

Get Splunk Operational Intelligence Cookbook - Second Edition now with the O’Reilly learning platform.
