In this chapter, we will work through a few advanced search examples in great detail. The examples and data shown are fictitious but will hopefully spark some ideas that you can apply to your own data. For a huge collection of examples and help topics, check out Splunk Answers at https://answers.splunk.com.
Our chapter flow will be as follows:
- Using subsearches to find loosely related events
- Using transaction
- Determining concurrency
- Calculating events per slice of time
- Rebuilding top
- Acceleration
- Version 7.0 advancements in metrics