Finding the data you need in Splunk is relatively easy, as you have seen in previous chapters. Doing the same thing repeatedly for different datasets, however, requires that you employ techniques that make data retrieval faster, easier, and more controlled with reusable configurations. In Chapter 2, Bringing in Data, you were shown how to use data fields and make field extractions. In Chapter 6, Data Models and Pivot, you learned how to create data models. You will continue that journey in this chapter by learning how to classify your data using Event Types, enrich your data using Lookups, and normalize your data using Tags.
Once you have these essentials in place, you will be able to more easily create reports, alerts, and dashboards, and capture analytical value from machine data quickly.
In this chapter, we will cover a wide range of topics that showcase ways to manage, analyze, and get results from machine data. These topics will help you work more efficiently with Splunk:
- Data classification with Event Types
- Data normalization with Tags
- Data enrichment with Lookups
- Creating reports
- Creating alerts
- The Custom Cron schedule
- Scheduling options
- Optimizing search performance with acceleration and summaries