0% found this document useful (0 votes)

104 views9 pages

Intermediate Searching: Recall The Search Pipeline

The document discusses intermediate searching techniques in Splunk including commands like top, rare, and stats. Top returns the most common values of a field, rare returns the least common, and stats calculates statistics on fields. Examples are provided for each command.

Uploaded by

Kancharla

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

104 views9 pages

Intermediate Searching: Recall The Search Pipeline

Uploaded by

Kancharla

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 9

Intermediate Searching >

Recall the search pipeline

Broad search Keywords/booleans/fields Commands Table / Viz
host=myhost fail OR failure count Table
sourcetype=csv locked sum timechart
user=b123 eval

11010101
11010101 1101
00001001 1101
00001001 0101
11011101 0101
11011101 1111
01111010

The data we want

A lot of data
The format we want

© Adam Frisbee, adamfrisbee.com

Intermediate Searching >
Let’s look at some transforming commands

• top
• rare
• stats

© Adam Frisbee, adamfrisbee.com

Intermediate Searching >
Top

• top <field>
• Returns the most common values of a given field
• Defaults to 10 fields
• Can be combined with limit=<number>
• Automatically builds a table with count and percent columns
• Can be used with multiple fields
• “return the top value for a field organized by another field”

© Adam Frisbee, adamfrisbee.com

Intermediate Searching >
| top user

user count percent

gholmes0 43 21%
jruiz1 30 15%
hdean 24 12%
pbishop 23 11.5%
lmendez 23 11.5%
kpuroo14 20 1%
dlamd5t 12 0.06%
wgreene87 9 0.04%
jbruss 9 0.04%
anolowitz2 7 0.03%

© Adam Frisbee, adamfrisbee.com

Intermediate Searching >
Rare

• rare <field>
• Opposite of top
• Returns the least common values of a field
• Options are identical to top

Intermediate Searching >
Stats

• stats <function(field)> BY <field(s)>

• Some common functions

• count, avg, max, mean, median, sum, stdev, values, list

Intermediate Searching >
| stats avg(kbps) BY host

Avg(kbps) host
654.78 host1.domain.com
852.66 host2.domain.com

| stats count(failed_logins) BY user

Failed_logins user
42 jwebber
16 asloken3

LogPoint - Cheat Sheet - v6
100% (1)
LogPoint - Cheat Sheet - v6
3 pages
Sec Cert Deed of Sale
100% (8)
Sec Cert Deed of Sale
1 page
A Comprehensive Statistics Cheat Sheet For Data Science Interviews - StrataScratch
No ratings yet
A Comprehensive Statistics Cheat Sheet For Data Science Interviews - StrataScratch
32 pages
Intro To The Historian Excel Add-In
No ratings yet
Intro To The Historian Excel Add-In
39 pages
Splunk Fundamentals 1 Lab Exercises: Lab Module 9 - Transforming Commands
No ratings yet
Splunk Fundamentals 1 Lab Exercises: Lab Module 9 - Transforming Commands
14 pages
ETL Testing White Paper
No ratings yet
ETL Testing White Paper
8 pages
ETL Testing White Paper
No ratings yet
ETL Testing White Paper
8 pages
7.1 Intermediasearching PDF
No ratings yet
7.1 Intermediasearching PDF
9 pages
Splunk 4.x Cheatsheet
100% (1)
Splunk 4.x Cheatsheet
8 pages
Splunk Module 2 Basic Searching
No ratings yet
Splunk Module 2 Basic Searching
94 pages
Cheat Sheet
No ratings yet
Cheat Sheet
10 pages
Searc Ching An ND Repo Orting Wit TH Splun NK 4.2 CL Lass Labs S
No ratings yet
Searc Ching An ND Repo Orting Wit TH Splun NK 4.2 CL Lass Labs S
14 pages
Splunk Quick Ref Guide
No ratings yet
Splunk Quick Ref Guide
6 pages
Splunk Typical Commands-1
No ratings yet
Splunk Typical Commands-1
43 pages
Query Findings in The Console - Security Command Center - Google Cloud
No ratings yet
Query Findings in The Console - Security Command Center - Google Cloud
6 pages
Splunk Development Day 5: - Vikram Yadav (VY)
No ratings yet
Splunk Development Day 5: - Vikram Yadav (VY)
29 pages
Splunk Use Cases
No ratings yet
Splunk Use Cases
61 pages
Stats and Its Real World Applications.
No ratings yet
Stats and Its Real World Applications.
53 pages
SAP ASE Performance and Tuning Series Improving Performance Statistical Analysis en PDF
No ratings yet
SAP ASE Performance and Tuning Series Improving Performance Statistical Analysis en PDF
62 pages
L03
No ratings yet
L03
16 pages
Splunk SPL Commands Quick Reference
No ratings yet
Splunk SPL Commands Quick Reference
3 pages
Examine The Employee List: Points To Remember
No ratings yet
Examine The Employee List: Points To Remember
14 pages
CS 3308 Discussion Assignment Unit 5
No ratings yet
CS 3308 Discussion Assignment Unit 5
5 pages
Performance Evaluation of Information Retrieval Systems
No ratings yet
Performance Evaluation of Information Retrieval Systems
46 pages
AX2009 - Wildcards
No ratings yet
AX2009 - Wildcards
1 page
3 Query Processing and Optimization-1
No ratings yet
3 Query Processing and Optimization-1
18 pages
DM Unit1 - 2 Data - Preprocssing 19I504
No ratings yet
DM Unit1 - 2 Data - Preprocssing 19I504
67 pages
Sintax English Final
No ratings yet
Sintax English Final
40 pages
Module 5-6
No ratings yet
Module 5-6
38 pages
Splunk Basic Searches2
No ratings yet
Splunk Basic Searches2
3 pages
Topics To Be Covered
No ratings yet
Topics To Be Covered
58 pages
Module 2c - Exploratory Data Analysis
No ratings yet
Module 2c - Exploratory Data Analysis
18 pages
Data Analyst Cheat Sheet
No ratings yet
Data Analyst Cheat Sheet
28 pages
Unix Text Analysis
No ratings yet
Unix Text Analysis
9 pages
SplunkCheatsheet PDF
100% (1)
SplunkCheatsheet PDF
2 pages
4 IRinArabic2021 Ranked Retrieval I
No ratings yet
4 IRinArabic2021 Ranked Retrieval I
49 pages
06 Ess Query Operations
No ratings yet
06 Ess Query Operations
28 pages
MySQL Commands PDF
No ratings yet
MySQL Commands PDF
12 pages
IR Merged Merged
No ratings yet
IR Merged Merged
132 pages
Functions in Obiee
No ratings yet
Functions in Obiee
6 pages
Splunk Power
No ratings yet
Splunk Power
7 pages
Introduction To: Information Retrieval
No ratings yet
Introduction To: Information Retrieval
50 pages
Core Windows Powershell® Cmdlets
No ratings yet
Core Windows Powershell® Cmdlets
43 pages
RM 11 - Understanding Total Query
No ratings yet
RM 11 - Understanding Total Query
21 pages
QMF - Query Management Facility
No ratings yet
QMF - Query Management Facility
425 pages
FortiSIEM Analytics Cheatsheet
No ratings yet
FortiSIEM Analytics Cheatsheet
2 pages
Dorking 101 The Art of Passive Recon: by Christy Long
100% (1)
Dorking 101 The Art of Passive Recon: by Christy Long
27 pages
MTH 4407 - Group 2 (Dr. Farid Zamani) - Lecture 6
No ratings yet
MTH 4407 - Group 2 (Dr. Farid Zamani) - Lecture 6
22 pages
Logpoint Search Query Language
No ratings yet
Logpoint Search Query Language
65 pages
Chapter - 3 Data Pre - Processing
No ratings yet
Chapter - 3 Data Pre - Processing
54 pages
Ip 8
No ratings yet
Ip 8
51 pages
The Search Pipeline: - Relies Heavily On The Unix Pipe Operator
No ratings yet
The Search Pipeline: - Relies Heavily On The Unix Pipe Operator
9 pages
Information Storage and Retrival
No ratings yet
Information Storage and Retrival
31 pages
Bluman Elem Stats 9e CH03 PPTS
No ratings yet
Bluman Elem Stats 9e CH03 PPTS
89 pages
QMF Document PDF
No ratings yet
QMF Document PDF
157 pages
Handy Mysql Commands Description Command: Main Menu Blog About
No ratings yet
Handy Mysql Commands Description Command: Main Menu Blog About
3 pages
Python CheatSheet
No ratings yet
Python CheatSheet
2 pages
Introduction To Statistics
No ratings yet
Introduction To Statistics
6 pages
Descriptive Analysis
No ratings yet
Descriptive Analysis
20 pages
Splunk Search
No ratings yet
Splunk Search
22 pages
Unit 1introduction
No ratings yet
Unit 1introduction
44 pages
Lesson 2 - Data Preprocessing
100% (1)
Lesson 2 - Data Preprocessing
72 pages
Top Interview Questions
No ratings yet
Top Interview Questions
8 pages
1.2 Test Case Specification Sample PDF
No ratings yet
1.2 Test Case Specification Sample PDF
1 page
1.1 Test Procedure Specification Sample PDF
No ratings yet
1.1 Test Procedure Specification Sample PDF
1 page
Questions PLS
No ratings yet
Questions PLS
10 pages
17.1 Chapter 4 Answers PDF
No ratings yet
17.1 Chapter 4 Answers PDF
11 pages
Foundation Exam Sample 2017 Answers
No ratings yet
Foundation Exam Sample 2017 Answers
5 pages
Home Work2 PDF
No ratings yet
Home Work2 PDF
1 page
Foundation Exam Sample 2017 Answers
No ratings yet
Foundation Exam Sample 2017 Answers
5 pages
Foundation Exam Sample 2017 Questions PDF
No ratings yet
Foundation Exam Sample 2017 Questions PDF
6 pages
Foundation Exam Sample 2017 Questions PDF
No ratings yet
Foundation Exam Sample 2017 Questions PDF
6 pages
7.1 Homework1 PDF
No ratings yet
7.1 Homework1 PDF
1 page
Home Work2 PDF
No ratings yet
Home Work2 PDF
1 page
Check Control File Location:: Task1
No ratings yet
Check Control File Location:: Task1
5 pages
Functionality Testing
No ratings yet
Functionality Testing
7 pages
Important Links: Installation
No ratings yet
Important Links: Installation
1 page
Bo Cheklist
No ratings yet
Bo Cheklist
2 pages
What Is Splunk?: - Operational Intelligence - Data Visualization - Alerting - Reporting - Investigation
No ratings yet
What Is Splunk?: - Operational Intelligence - Data Visualization - Alerting - Reporting - Investigation
6 pages
What Is Data Load Strategy For Testing
No ratings yet
What Is Data Load Strategy For Testing
1 page
Important Links: Installation
No ratings yet
Important Links: Installation
1 page
ETL Testing Interview Questions and Answers
No ratings yet
ETL Testing Interview Questions and Answers
9 pages
Top 25 ETL Testing Interview Questions
No ratings yet
Top 25 ETL Testing Interview Questions
6 pages
Panama Foundation La1
100% (2)
Panama Foundation La1
6 pages
Casagrand ECR14 Signature Brochure
No ratings yet
Casagrand ECR14 Signature Brochure
35 pages
Ewtw
No ratings yet
Ewtw
3 pages
FY-2025-26-Development-Budget-Bk Vol.-3
No ratings yet
FY-2025-26-Development-Budget-Bk Vol.-3
822 pages
Vestige
No ratings yet
Vestige
77 pages
NYSE Technologies SuperFeed Global Connectivity Product Sheet
No ratings yet
NYSE Technologies SuperFeed Global Connectivity Product Sheet
2 pages
Getting Started For Windows: Visp 2.6.1: Visual Servoing Platform
No ratings yet
Getting Started For Windows: Visp 2.6.1: Visual Servoing Platform
16 pages
Guidelines For Project Work in Economics
No ratings yet
Guidelines For Project Work in Economics
5 pages
LP-II Lab Manual
No ratings yet
LP-II Lab Manual
11 pages
Industrial Good Suppliers
No ratings yet
Industrial Good Suppliers
8 pages
Plastering Finishing Works Presentation
No ratings yet
Plastering Finishing Works Presentation
10 pages
Cara Deployment Next - Js Menggunakan Jenkins
No ratings yet
Cara Deployment Next - Js Menggunakan Jenkins
4 pages
Appendix A
No ratings yet
Appendix A
12 pages
When Vendor Is Not Bound To Deliver The Thing Sold
No ratings yet
When Vendor Is Not Bound To Deliver The Thing Sold
1 page
Interview OFW
No ratings yet
Interview OFW
4 pages
Canking - Can Simulation Software: EX. NO.1.B 02-07-2019
No ratings yet
Canking - Can Simulation Software: EX. NO.1.B 02-07-2019
6 pages
String Operations in C++ Builder Are Mainly Performed Using A Class Called AnsiString
No ratings yet
String Operations in C++ Builder Are Mainly Performed Using A Class Called AnsiString
10 pages
Modigliani - Miller Approach
100% (1)
Modigliani - Miller Approach
12 pages
The Life and Culture of The Indigenous People
No ratings yet
The Life and Culture of The Indigenous People
2 pages
MLBSherman Act
No ratings yet
MLBSherman Act
7 pages
Cover Letter
No ratings yet
Cover Letter
2 pages
Tests of Controls
No ratings yet
Tests of Controls
6 pages
Openxlsx
No ratings yet
Openxlsx
77 pages
Ai Brochure Print
No ratings yet
Ai Brochure Print
15 pages
Questions and Answers On The 'Guideline On The Limits of Genotoxic Impurities'
No ratings yet
Questions and Answers On The 'Guideline On The Limits of Genotoxic Impurities'
6 pages
Craig Storrs Appeal State Central Committee Sixth District
No ratings yet
Craig Storrs Appeal State Central Committee Sixth District
43 pages
Admitcard 2510003294 6408194
No ratings yet
Admitcard 2510003294 6408194
2 pages
LEON UMALE Vs Villaluz Digest
No ratings yet
LEON UMALE Vs Villaluz Digest
2 pages
Mohamed Gomaa CV
No ratings yet
Mohamed Gomaa CV
3 pages

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Intermediate Searching: Recall The Search Pipeline

Uploaded by

Intermediate Searching: Recall The Search Pipeline

Uploaded by

Intermediate Searching >

Recall the search pipeline

The data we want

© Adam Frisbee, adamfrisbee.com

© Adam Frisbee, adamfrisbee.com

© Adam Frisbee, adamfrisbee.com

user count percent

© Adam Frisbee, adamfrisbee.com

© Adam Frisbee, adamfrisbee.com

• stats <function(field)> BY <field(s)>

• Some common functions

© Adam Frisbee, adamfrisbee.com

| stats count(failed_logins) BY user

© Adam Frisbee, adamfrisbee.com

You might also like

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.