Chapter 6. Diving Deeper – Advanced Searching
In this chapter, we will cover some of the more advanced search commands available within Splunk. We will cover the following recipes:
- Calculating the average session time on a website
- Calculating the average execution time for multi-tier web requests
- Displaying the maximum concurrent checkouts
- Analyzing the relationship of web requests
- Predicting website-traffic volumes
- Finding abnormally sized web requests
- Identifying potential session spoofing
Introduction
In the previous chapter, we learned about Splunk's new data model and Pivot functionality and how they can be used to advance intelligence reporting. In this chapter, we will return to Splunk's Search Processing Language (SPL), diving deeper and using some very powerful search commands to better understand and correlate event data. You will learn how to create transactions, build subsearches, understand concurrency, leverage field associations, and so on.
Looking at...