Exploring Splunk: Search Processing Language (SPL) Primer and Cookbook by David Carasso.
From the webpage:
Splunk is probably the single most powerful tool for searching and exploring data you will ever encounter. Exploring Splunk provides an introduction to Splunk — a basic understanding of Splunk’s most important parts, combined with solutions to real-world problems.
Part I: Exploring Splunk
- Chapter 1 tells you what Splunk is and how it can help you.
- Chapter 2 discusses how to download Splunk and get started.
- Chapter 3 discusses the search user interface and searching with Splunk.
- Chapter 4 covers the most commonly used search commands.
- Chapter 5 explains how to visualize and enrich your data with knowledge.
Part II: Solution Recipes
- Chapter 6 covers the most common monitoring and alerting solutions.
- Chapter 7 covers the most common transaction solutions.
- Chapter 8 covers the most common lookup table solutions.
My Transaction Searching: Unifying Field Names post is based on an excerpt from this book.
You can download the book in ePub, pdf or Kindle versions or order a hardcopy.
Documentation that captures the interest of a reader.
Not documentation that warns them the software is going to be painful, even if beneficial in the long term.
Most projects could benefit from using “Exploring Splunk” as a model for introductory documentation.