Good evening guys,
I'm new using this tool, and actually, I have the following tasks to do. I want to ask you if I did well on this one and if you could me help with any tasks I'm missing:
Context:
I was deploying Splunk in a VM (Linux - Ubuntu). Splunk by itself generated events, and my tasks are the following:
Amount of different indexes - Single value
A:/ index=_* | stats distinct_count(index)
As a single value in screen it show me "4".
Index with the highest event count - Single value
A:/ I did index=_* | stats count by index | sort - count", it show me "_internal
as the highest value
Indexes distribution events:
_internal - timechart.
_thefishbucket - timechart
I don't understand yet. Could someone who understands this please explain it to me because I don't get it...
I don't know if is something like index=_internal | timechart count usenull=f useother=f | sort - count
would work...
index=_* | stats count by index
. Eventually, it showed me a pie chart with the information that I needed (that's what I think)I don't know if the points that I solved are fine.
Beforehand, I appreciate your help with this topic.
Warm regards,
Hi @hurt,
I can tell you that much:
You made a fine decision choosing Splunk and joining us "the Splunkers" on their ever-awesome journey with this product.
New people to Splunk are most-likely best off learning about the product in an easy way using the following link:
https://www.splunk.com/en_us/resources/getting-started.html
This link and the links on the site will give you a better understanding about what an awesome plattform splunk is.
Get back to me after that, if you have any further questions. 🙂
Regards,
pyro_wood