Good evening guys,
I'm new to using this tool, and actually, I have the following tasks to do. I want to ask you if I did well on this one and if you could help me with any tasks I'm missing:
Context:
I was deploying Splunk in a VM (Linux - Ubuntu). Splunk by itself generated events, and my tasks are the following:
Amount of different indexes - Single value
A:/ index=_* | stats distinct_count(index)
As a single value on screen it shows me "4".
Index with the highest event count - Single value
A:/ I did index=_* | stats count by index | sort - count, and it shows me "_internal" as the highest value.
Indexes distribution events:
_internal - timechart.
_thefishbucket - timechart
I don't understand yet. Could someone who understands this please explain it to me because I don't get it...
I don't know if something like index=_internal | timechart count usenull=f useother=f | sort - count would work...
Show in a pie chart the percentages of the total of events.
A:/ I did the following: in the "Dashboard" tab, I created a pie panel with this information: index=_* | stats count by index. Eventually, it showed me a pie chart with the information that I needed (that's what I think).
I don't know if the points that I solved are fine.
Beforehand, I appreciate your help with this topic.
Warm regards,