Splunk Data Models and How to Leverage EventTypes

  • Published on 21 Nov 2022
  • Data models are a valuable tool in Splunk, and by using eventtypes an analyst gains a powerful way to write reusable code in their Splunk apps. This tutorial explains the reasons to use eventtypes and how to leverage tagging so that eventtypes can be used in data models.
    Splunk Data Models and why you should use them • Splunk Data Models - W...
    Getting the data model restricted to specific indexes • Splunk Data Models Res...
    Eventtypes for the data model • Splunk Data Models and...
    Tagging the data for the data model • Splunk Data Models and...
    Field aliasing for the data model • Splunk Data Model Fiel...
    Converting a normal query into a tstats query - • Splunk How to Convert ...
    Join this channel to get access to early release of videos and exclusive training videos that will help make you L.A.M.E. ninja:
    / @lamecreations_guides
    Visit our discord channel to post questions and suggestions for what you want to learn. / discord
    The latest L.A.M.E. Splunk apps are available at
    www.github.com/lameCreations

Comments • 2

  • @user-xg2bg5iq9h 1 year ago

    Hello there, watching this video again, and it really helped a lot!
    Why?
    I wanted to add some Splunk Security Essential UC into Splunk but many searches didn't work since it's not CIM compliant.
    Thanks to you, I was able to add the correct event type to the right index and everything worked.
    Gotta work on field aliases now!
    Thanks a lot

    • @lamecreations_guides 1 year ago

      Glad that the video was able to help you out. Thanks for the kind feedback.