This walkthrough demonstrates a few basic commands that can be used in Splunk to manipulate logs and data. Specifically, we will be issuing commands from Splunk's Search Processing Language (SPL) which is able to search for, filter, modify, and manipulate log data.
- Windows 10 Desktop
- Splunk Enterprise
- Windows 10
Overview
1. Stats: The stats command performs an aggregation over the search results, such as calculating the count, sum, average, minimum, or maximum of a field's values, optionally grouped by one or more other fields.
2. Eval: The eval command lets users create new fields or modify existing ones from an expression.
3. Strptime: The strptime function (called from eval) converts a human-readable time string to a Unix epoch time. It takes two arguments: the first is the string containing the date and time, and the second is a format string describing how the date and time are structured in that string.
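The following search ties the three commands together on constructed data so it can be pasted into any Splunk search bar without an index. It is an added example, not part of the original walkthrough: the sample events, the field names `ts`, `user`, `src_ip` and `EventCode`, and the `%Y-%m-%d %H:%M:%S` timestamp layout are all assumptions made for this illustration (4624 and 4625 are the standard Windows logon success and failure event IDs). `eval` and `strptime` turn the text timestamp into an epoch value, `eval` derives an outcome field, and `stats` then counts attempts and failures per user and source address.

```spl
| makeresults count=1
| eval raw="2024-03-05 08:15:02,alice,10.0.0.5,4625;2024-03-05 08:15:09,alice,10.0.0.5,4625;2024-03-05 08:15:21,alice,10.0.0.5,4624;2024-03-05 08:16:40,bob,10.0.0.7,4624"
| makemv delim=";" raw
| mvexpand raw
| rex field=raw "^(?<ts>[^,]+),(?<user>[^,]+),(?<src_ip>[^,]+),(?<EventCode>\d+)$"
| eval epoch=strptime(ts, "%Y-%m-%d %H:%M:%S")
| eval outcome=if(EventCode=4625, "failure", "success")
| stats count AS attempts,
        count(eval(outcome=="failure")) AS failures,
        min(epoch) AS first_seen,
        max(epoch) AS last_seen
        BY user, src_ip
| eval window_sec=last_seen-first_seen
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S"),
       last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| where failures>=2
```

With the constructed events, the result is a single row for `alice` from `10.0.0.5` with `attempts=3`, `failures=2` and a `window_sec` of 19 seconds; `bob` is dropped by the final `where` clause. Because `strptime` produces epoch seconds, `min` and `max` in `stats` compare real times rather than strings, which is what makes the `window_sec` arithmetic and the `strftime` conversion back to readable timestamps valid.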