Splunk 7.x Quick Start Guide

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "The rpm will install Splunk in the /opt/splunk directory."

A block of code is set as follows:

index=<index> <filter> <"text string to match"> 
| command1 <arguments>
| command2 <arguments>
| visualization commands & arguments

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

hot bucket (files being written to)
/opt/splunk/var/lib/splunk/myindex/db/hot_v1_41
warm bucket (closed for writing, searchable)
/opt/splunk/var/lib/splunk/myindex/db/db_1530043376_1529957920_40/
cold bucket (searchable, may reside on different storage)
/opt/splunk/var/lib/splunk/myindex/colddb/db_1508276979_1508276438_0/

Any command-line input or output is written as follows:

$ sudo su - splunk                # don't forget this step!
$ cd $SPLUNK_HOME/bin
$ ./splunk start --accept-license

Bold: Indicates a new term, an important word, or words that you see on screen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "You can now click Settings | Fields | Field extractions and view the list of all the field extractions, including the one you just created."

Warnings or important notes appear like this.
Tips and tricks appear like this.