.config file which specifies the location of my data, before it would be ingested. This made it difficult for me as it meant that for every small data set I would still need to tell it what the headers and data types are. With Splunk, on the other hand, I managed to upload data by simply clicking on the Web UI and uploading a CSV file.
splunk add oneshot sonar.json.gz to get it into Splunk. It took a while to get the data in, but once it's done, searches are blazing fast. If your data is smaller than 500MB, you can even use the Web UI:
13.13 times longer to search using grep compared to within Splunk.
name="*.uber.com" | stats values(name) by value | iplocation value | geostats count by City to get:
name="*.uber.com" | stats values(name) by value | iplocation value | search Country="United States"
*. to the front of the name using a simple regex replace. Place this file and name it Book1.csv (well, I did) into
C:\Program Files\Splunk\etc\system\lookups. Then make a search for:
splunk add oneshot input.csv -index passwords -sourcetype csv -hostname passwords -auth "admin:changeme" and we're good to go!
inputlookup. Instead, we will use
*.domain.com, and set a header field of
email. Run a query: