Take the building blocks you learned in the simple filtering lesson to create an advanced compound search.
- [Josh] At this point we should have…all the building blocks of doing some more complex searches…just by combining what we've already seen.…Imagine a scenario where you're the operations manager…and you've got a troublesome engineer, who sometimes…just goes out and makes changes…to the production web servers without telling anyone.…This could be a serious issue, especially if your company…deals with sensitive information.…So you've noticed that one of the web servers…rebooted itself and you want to take a closer look…to see if you need to have a carefully worded conversation…with this engineer, or if there's some larger issue…at play here such as security being compromised.…
Let's begin with the search that we just used,…so I'll do a star and we'll look for eventtype equals…pam_unix_authentication and we'll also include…and by vagrant, we'll pretend the user's name is vagrant.…We'll hit Enter, that should filter down just to the times…when that user took on root privileges.…To find out if this user became root…
- Installing Splunk
- Filtering search data
- Advanced search syntax
- Creating reports and dashboards
- Creating alerts and actions
- Configuring remote data and multiple data streams
Skill Level Beginner
DevOps Foundations: Monitoring and Observabilitywith Ernest Mueller2h 12m Appropriate for all
1. Tour of Major Features
3. Reporting and Dashboards
5. Practical Splunk
Next steps1m 57s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.