1
00:00:00,210 --> 00:00:03,090
Now we have seen some of the basic searches.

2
00:00:03,330 --> 00:00:07,200
Let us see some of the most common searches for visualization.

3
00:00:07,710 --> 00:00:15,660
The most commonly used searches are search commands, or one stop, let me say top action.

4
00:00:15,660 --> 00:00:21,330
By default, it displays ten. If you want 20, or let me say I'll limit it to five.

5
00:00:21,450 --> 00:00:24,360
So it displays only the top five actions.

6
00:00:27,060 --> 00:00:28,290
Limit is equal to five.

7
00:00:28,320 --> 00:00:30,960
It displays just the top five actions.

8
00:00:31,500 --> 00:00:32,700
This means,

9
00:00:33,870 --> 00:00:35,940
in the last 24 hours,

10
00:00:35,940 --> 00:00:41,430
these are the top action values that are present in the logs of the audit.

11
00:00:41,550 --> 00:00:48,990
There were 949 searches, 325 accelerations, and these are some of the other functions of Splunk which

12
00:00:48,990 --> 00:00:51,270
are inward internally.

13
00:00:52,040 --> 00:00:53,920
Now we are inter top.

14
00:00:53,930 --> 00:01:00,470
It provided me statistics, so each statistic by default invokes the visualization function.

15
00:01:01,580 --> 00:01:07,490
I had previously chosen pie charts for my other demonstration, so it is showing me my pie chart.

16
00:01:07,760 --> 00:01:10,250
Let me change it to other recommended forms.

17
00:01:10,850 --> 00:01:11,840
It shows

18
00:01:13,110 --> 00:01:13,960
a column chart.

19
00:01:14,310 --> 00:01:18,190
If I want a bar chart, I can just click and select bar chart.

20
00:01:18,210 --> 00:01:20,970
Let's say I'm not able to see the values here.

21
00:01:21,300 --> 00:01:27,760
Only if I move my cursor next to the selected bar,

22
00:01:27,780 --> 00:01:30,360
it shows me what is the action and what is the count.

23
00:01:30,390 --> 00:01:32,160
Let's say I want to see the count.

24
00:01:32,580 --> 00:01:34,230
I can click on Format.

25
00:01:35,340 --> 00:01:41,910
Show data values on; it will display each value right next to the bar.

26
00:01:41,940 --> 00:01:43,260
Similarly with

27
00:01:44,480 --> 00:01:45,410
column chart

28
00:01:50,430 --> 00:01:52,110
and by chart.

29
00:01:53,390 --> 00:02:01,610
In case you want to display values using pie chart, because the formatting option doesn't have that,

30
00:02:03,480 --> 00:02:04,140
for

31
00:02:04,230 --> 00:02:09,620
pie chart, to display the values you have other methods to display, which we will be discussing, like

32
00:02:09,630 --> 00:02:12,920
how to search and plant a tattoo.

33
00:02:12,960 --> 00:02:18,840
Complete different module which covers almost 140 plus commands which Splunk has.

34
00:02:19,080 --> 00:02:20,690
I'll write a small query.

35
00:02:20,700 --> 00:02:28,530
Probably it might look advanced, but trust me, over a period of time you'll feel it much easier.

36
00:02:33,030 --> 00:02:38,520
What I'm doing is I'm trying to add this action here,

37
00:02:39,940 --> 00:02:41,260
along with search.

38
00:02:42,360 --> 00:02:51,330
Add these values also for the display: do action is equal to action plus, for concatenating the string from

39
00:02:51,330 --> 00:02:56,100
search and 949, the search plus 949.

40
00:02:56,430 --> 00:03:00,450
So after search, I need a blank space.

41
00:03:02,020 --> 00:03:05,680
And I'm adding one more plus to add my count into it.

42
00:03:12,180 --> 00:03:14,840
As you can see, it is search 1981.

43
00:03:14,850 --> 00:03:20,250
If you want to still make it look good, you can add some text saying

44
00:03:21,030 --> 00:03:25,590
count "is" or count colon, which makes it presentable.

45
00:03:25,590 --> 00:03:27,330
Search count is 989.

46
00:03:28,770 --> 00:03:33,090
There are not many ways you can play around with Splunk.

47
00:03:35,970 --> 00:03:41,250
We'll go through them one by one throughout the course so that once you finish this course, you should

48
00:03:41,250 --> 00:03:48,720
be able to take Splunk Power User, Splunk User and Splunk Admin, probably Splunk object.

49
00:03:48,840 --> 00:03:57,000
Also because we will be building our own Amazon enterprise level multi-site clustering environment in

50
00:03:57,000 --> 00:03:57,600
the cloud.

51
00:03:57,810 --> 00:04:05,400
After this, probably you will have one complete experience of going through the real scenario of implementing

52
00:04:05,400 --> 00:04:05,970
this plan.

53
00:04:06,870 --> 00:04:08,790
Now let's come back to our search query.

54
00:04:08,820 --> 00:04:15,750
See, I've done, I've added braces for better presentation and I can see search count is 1000.

55
00:04:15,750 --> 00:04:19,260
If I go to visualization, I can see it right next to my pie charts now.

56
00:04:20,230 --> 00:04:25,180
These are some of the ways that you can play around with Splunk.

57
00:04:25,210 --> 00:04:31,030
Probably when you get access to the demo environment in the cloud, which will be the package or the

58
00:04:31,030 --> 00:04:34,780
free access for all you guys as the complete package of

59
00:04:35,540 --> 00:04:36,410
this course.

60
00:04:40,540 --> 00:04:41,950
This is one command.

61
00:04:42,430 --> 00:04:49,840
Let's see what happens with the stats command, which I'm counting by the same action field.

62
00:04:51,660 --> 00:04:53,910
If you see the difference between stats and count,

63
00:04:53,940 --> 00:05:02,670
now we have 51 values, where top displays by default only ten top values whereas stats displays everything.

64
00:05:03,570 --> 00:05:08,640
Well, you can sort them by count, or you have a sort command for doing that.

65
00:05:09,420 --> 00:05:16,050
You can sort by count, which sorts at ascending or descending values. These kinds of information we will be

66
00:05:16,050 --> 00:05:18,900
going through in the later part of the tutorial.

67
00:05:19,650 --> 00:05:25,470
One more, probably quick, command would be rare, because we have already seen top.

68
00:05:25,470 --> 00:05:26,550
Let's see rare.

69
00:05:27,270 --> 00:05:33,210
What it does is it gives us the least values in the last 24 hours for the action field.

70
00:05:34,320 --> 00:05:40,380
These are some of the least values, or the bottom ten of the action values.