Splunk Operational Intelligence Cookbook.
Title:
Splunk Operational Intelligence Cookbook.
Author:
Diakun, Josh.
ISBN:
9781849697859
Personal Author:
Physical Description:
1 online resource (523 pages)
Contents:
Splunk Operational Intelligence Cookbook -- Table of Contents -- Splunk Operational Intelligence Cookbook -- Credits -- About the Authors -- About the Reviewers -- www.PacktPub.com -- Support files, eBooks, discount offers, and more -- Why subscribe? -- Free access for Packt account holders -- Preface -- What this book covers -- What you need for this book -- Who this book is for -- Conventions -- Reader feedback -- Customer support -- Downloading the example code -- Errata -- Piracy -- Questions -- 1. Play Time - Getting Data In -- Introduction -- Indexing files and directories -- Getting ready -- How to do it... -- How it works... -- There's more... -- Adding a file or directory data input via the CLI -- Adding a file or directory input via inputs.conf -- One-time indexing of data files via the Splunk CLI -- Indexing the Windows event logs -- See also -- Getting data through network ports -- Getting ready -- How to do it... -- How it works... -- There's more... -- Adding a network input via the CLI -- Adding a network input via inputs.conf -- See also -- Using scripted inputs -- Getting ready -- How to do it... -- How it works... -- See also -- Using modular inputs -- Getting ready -- How to do it... -- How it works... -- There's more... -- See also -- Using the Universal Forwarder to gather data -- Getting ready -- How to do it... -- How it works... -- There's more... -- Add the receiving indexer via outputs.conf -- Loading the sample data for this book -- Getting ready -- How to do it... -- How it works... -- See also -- Defining field extractions -- Getting ready -- How to do it... -- How it works... -- See also -- Defining event types and tags -- Getting ready -- How to do it... -- How it works... -- There's more... -- Adding event types and tags via eventtypes.conf and tags.conf -- See also -- Summary.

2. Diving into Data - Search and Report -- Introduction -- Making raw event data readable -- Getting ready -- How to do it... -- How it works... -- There's more... -- Tabulating every field -- Removing fields, then tabulating everything else -- Finding the most accessed web pages -- Getting ready -- How to do it... -- How it works... -- There's more... -- Searching for the top 10 accessed web pages -- Searching for the most accessed pages by user -- See also -- Finding the most used web browsers -- Getting ready -- How to do it... -- How it works... -- There's more… -- Searching the web browser data for the most used OS types -- See also -- Identifying the top-referring websites -- Getting ready -- How to do it... -- How it works... -- There's more… -- Searching for the top 10 referring websites using stats instead of top -- See also -- Charting web page response codes -- Getting ready -- How to do it... -- How it works... -- There's more... -- Totaling success and error web page response codes -- See also -- Displaying web page response time statistics -- Getting ready -- How to do it... -- How it works... -- There's more... -- Displaying web page response time by action -- See also -- Listing the top viewed products -- Getting ready -- How to do it... -- How it works... -- There's more... -- Searching for the percentage of cart additions from product views -- See also -- Charting the application's functional performance -- Getting ready -- How to do it... -- How it works... -- There's more... -- See also -- Charting the application's memory usage -- Getting ready -- How to do it... -- How it works... -- See also -- Counting the total number of database connections -- Getting ready -- How to do it... -- How it works... -- See also -- Summary -- 3. Dashboards and Visualizations - Make Data Shine -- Introduction.

Creating an Operational Intelligence dashboard -- Getting ready -- How to do it... -- How it works... -- There's more... -- Changing dashboard permissions -- Using a pie chart to show the most accessed web pages -- Getting ready -- How to do it... -- How it works... -- There's more... -- Searching for the top 10 accessed web pages -- See also -- Displaying the unique number of visitors -- Getting ready -- How to do it... -- How it works... -- There's more… -- Adding labels to a single value panel -- Coloring the value based on ranges -- See also -- Using a gauge to display the number of errors -- Getting ready -- How to do it... -- How it works... -- There's more… -- See also -- Charting the number of method requests by type and host -- Getting ready -- How to do it... -- How it works... -- See also -- Creating a timechart of method requests, views, and response times -- Getting ready -- How to do it... -- How it works... -- There's more... -- Method requests, views, and response times by host -- See also -- Using a scatter chart to identify discrete requests by size and response time -- Getting ready -- How to do it... -- How it works... -- There's more... -- Using time series data points with a scatter chart -- See also -- Creating an area chart of the application's functional statistics -- Getting ready -- How to do it... -- How it works... -- See also -- Using a bar chart to show the average amount spent by category -- Getting ready -- How to do it... -- How it works... -- See also -- Creating a line chart of item views and purchases over time -- Getting ready -- How to do it… -- How it works... -- See also -- Summary -- 4. Building an Operational Intelligence Application -- Introduction -- Creating an Operational Intelligence application -- Getting ready -- How to do it... -- How it works... -- There's more...

Creating an application from another application -- Downloading and installing a Splunk app -- See also -- Adding dashboards and reports -- Getting ready -- How to do it... -- How it works... -- There's more… -- Changing the permissions of saved reports -- See also -- Organizing the dashboards more efficiently -- Getting ready -- How to do it... -- How it works... -- There's more… -- Modifying the SimpleXML directly -- See also -- Dynamically drilling down on activity reports -- Getting ready -- How to do it... -- How it works... -- There's more… -- Disabling the drilldown feature in tables and charts -- See also -- Creating a form to search web activities -- Getting ready -- How to do it... -- How it works... -- There's more... -- Adding a Submit button to your form -- See also -- Linking web page activity reports to the form -- Getting ready -- How to do it... -- How it works... -- There's more... -- Adding an overlay to the Sessions Over Time chart -- See also -- Displaying a geographical map of visitors -- Getting ready -- How to do it... -- How it works... -- There's more... -- Adding a map panel using SimpleXML -- Mapping different distributions by area -- See also -- Scheduling the PDF delivery of a dashboard -- Getting ready -- How to do it... -- How it works... -- See also -- Summary -- 5. Extending Intelligence - Data Models and Pivoting -- Introduction -- Creating a data model for web access logs -- Getting ready -- How to do it... -- How it works... -- There's more... -- Searching data models using the search interface -- See also -- Creating a data model for application logs -- Getting ready -- How to do it... -- How it works... -- See also -- Accelerating data models -- Getting ready -- How to do it... -- How it works... -- There's more... -- Viewing data model and acceleration summary information.

Advanced configuration of data model acceleration -- See also -- Pivoting total sales transactions -- Getting ready -- How to do it... -- How it works... -- There's more... -- Pivot searching using the pivot command and search interface -- See also -- Pivoting purchases by geographical location -- Getting ready -- How to do it... -- How it works... -- See also -- Pivoting slowest responding web pages -- Getting ready -- How to do it... -- How it works… -- See also -- Pivot charting top error codes -- Getting ready -- How to do it... -- How it works... -- See also -- Summary -- 6. Diving Deeper - Advanced Searching -- Introduction -- Calculating the average session time on a website -- Getting ready -- How to do it... -- How it works... -- There's more... -- Starts with a website visit, ends with a checkout -- Defining maximum pause, span, and events in a transaction -- See also -- Calculating the average execution time for multi-tier web requests -- Getting ready -- How to do it... -- How it works... -- There's more… -- Calculating the average execution time without using a join -- See also -- Displaying the maximum concurrent checkouts -- Getting ready -- How to do it... -- How it works... -- See also -- Analyzing the relationship of web requests -- Getting ready -- How to do it... -- How it works... -- There's more… -- Analyzing relationships of DB actions to memory utilization -- See also -- Predicting website-traffic volumes -- Getting ready -- How to do it... -- How it works... -- There's more… -- Predicting the total number of items purchased -- Predicting the average response time of function calls -- See also -- Finding abnormally sized web requests -- Getting ready -- How to do it... -- How it works... -- There's more... -- The anomalies command -- The anomalousvalues command -- The cluster command -- See also.

Identifying potential session spoofing.
Abstract:
This book is intended for users of all levels who are looking to leverage the Splunk Enterprise platform as a valuable operational intelligence tool. The recipes provided in this book will appeal to individuals from all facets of a business - IT, Security, Product, Marketing, and many more!
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.