awesome content, thanks
Glad to hear that..
Great!
Glad that you liked it
great informational video, thanks!
Glad that you liked it..
Thanks for this great video Praveen!!! Much appreciated
Glad to hear that
33:53 Module 2 Fields, Search Modes etc.
1:06:53 Module 3 Search Best Practices.
1:26:30 Splunk search language, syntax and its components. Commands: table, dedup, fields, sort.
Thanks
th-cam.com/video/2lUPwWnY65E/w-d-xo.html Splunk Reports, Creating and Working with Splunk Reports
3:07 th-cam.com/video/2lUPwWnY65E/w-d-xo.html Creating Dashboard
th-cam.com/video/2lUPwWnY65E/w-d-xo.html scheduling report
3:25:14
Thank you
:)
@praveen do you offer Splunk Cloud Administration training?
Thanks for the interest.. I will be giving it in future.. will let you know once I plan for it..
Are Splunk Enterprise and Splunk Cloud both the same?
At the user level it's almost the same..
Also, what is the difference in using different indexes? I mean _internal, main, what's the difference?
main − This is Splunk's default index where all the processed data is stored.
Internal − This index is where Splunk's internal logs and processing metrics are stored.
audit − This index contains events related to the file system change monitor, auditing, and all user history.
Praveen, you did not see "error" because you were searching in the last 24 hours. If you expanded your time criteria you would most likely run into "error".
Okay
Where to get that practice data used by you?
You can create your own data.. Please let me know if you need specific data from a specific tutorial.. I will provide it if I have it handy
When adding INFO in the search bar, how will the results change compared to if it was not inserted? ex. index="main" INFO vs index="main"
Also, great video!!!!! It is a fantastic resource for learning Splunk!
Thanks for the feedback.. index=main is a key value.. and index=main INFO is a key value and the string INFO..
You have "Like, comment, share....." on the screen that covers half the screen and you can't see the video. Really.
Thanks for the feedback..