Monday, July 7, 2014

Today we review search processors in Splunk. There are several processors that can be invoked to get the desired search results. These often translate to the search operators in the expression and follow a pipeline model. The pipeline is a way to redirect the output of one operator into the input of another. All of these processors implement a similar execute method that takes SearchResults and SearchResultsInfo as arguments. The processors also have a setup and initialization method where they process the arguments to the operators. The model is simple and portable to any language.
We will now look at some of these processors in detail.
We have the Rex processor that implements the Rex operations on the search results. If needed, it generates a field that contains the start/end offset of each match. It also creates a mapping from groupId to key index, if and only if it is not in sed mode.
We have the query suggestor operator, which suggests useful keywords to be added to your search. This works by ignoring some keywords and keeping a list of samples.
The Head processor iterates over the results to display only the truncated set.
The tail processor shows the last few results.

Sunday, July 6, 2014

In the previous post we mentioned fields and table operators. We will round up the discussion with the removal of cell values, columns and rows in a result set. When we want to filter a result set, we can work at it by removing one cell after the other as we traverse the columns and rows. This gives us the highest granularity to cut the result set into the shape we want. However, as you can see, this is also an expensive operation. Is there a better way to do it? Yes, there is. One way would be to remove just the fields, so that the cells remain but are not listed and the user has specified the choices at the field level. Note that iterating over the rows to filter out the ones that don't match the criteria is still required, but it is as inexpensive as not including a pointer. Thus we can project exclusively on fields to handle the functionality of both the fields and the table operator. In the case where we have a large number of results to run through, this method is fairly efficient and takes little time to execute.
In order to match the fields with the choices of (+/-) to include or exclude them, we can just test whether the - sign or remove attribute has been specified and compare it with the match for a search criterion. If the remove attribute is present and there is a match, we can exclude the field. If the remove attribute is absent and there is no match, then too the field can be excluded. This way we succinctly check whether the fields are to be removed. This is not the same for the table operator. In the case of table there is no syntax for the remove attribute. Hence the check for the match, to include only the columns specified, is required.
In this post, we will discuss some of the core features of Splunk. In particular we will be discussing how the fields operator is different from the table operator. Both of these operators can be specified in the search bar, and they work to project different fields or columns of the data. In the case of the fields operator, raw results are returned that are similar to the original search results, but only those that are satisfied by the presence of the fields. If we wish to exclude the fields, we can specify the negative sign as the first argument before the fields. The presence of the positive sign is optional as it is understood. The table operator selects columns just as any projection operator would. This is based on enumerating all the available columns and selecting only a few of the columns for projection. As you can see, the fields and the table operators are similar in selecting fields specified by the user from the available list of fields. These fields have to be those available from the header and/or defined by the user.
In earlier versions, the fields are not restricted to exclude indexed fields or reserved fields. But there is an argument favoring their exclusion, since the user sees the extracted fields anyway and there won't be any change in behavior otherwise. The presence of the indexed fields is different though. The indexed fields are different because they are used and should not be excluded from the search results. Again, this means that there won't be any change in behavior for the user, because these fields are automatically extracted and displayed to the user. Behind the scenes, how this happens in earlier versions is that the different reserved fields are added to the operators internally during the search dispatch, but are not handled within the processor of the operator itself.
So the user doesn't see a change when we remove the explicit addition of some reserved fields when they could have become obsolete or replaced. They would have been better consolidated into the processor logic itself. The most important thing here is that the table and the fields operator have different output formats and a fields operator can specify the table operator to modify the results.
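The pipeline model from the search processors post and the fields/table checks described above can be put together in a short sketch. This is an added example, not Splunk's code: the class names, the info dictionary standing in for SearchResultsInfo, and the sample events are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

class Fields:
    """fields [+|-] <names>: hide or keep listed fields; cells stay in the rows."""
    def __init__(self, *args):
        self.remove = bool(args) and args[0] == "-"
        self.patterns = [a for a in args if a not in ("+", "-")]

    def execute(self, results, info):
        def excluded(name):
            match = any(fnmatchcase(name, p) for p in self.patterns)
            return self.remove == match  # (remove, match) or (keep, no match)
        info["fields"] = [f for f in info["fields"] if not excluded(f)]
        return results  # rows untouched: only the listed header changes

class Table:
    """table <names>: no remove syntax, so keep only the named columns."""
    def __init__(self, *names):
        self.names = list(names)

    def execute(self, results, info):
        info["fields"] = [n for n in self.names if n in info["fields"]]
        return [{n: row.get(n) for n in info["fields"]} for row in results]

class Head:
    def __init__(self, n):
        self.n = n
    def execute(self, results, info):
        return results[:self.n]  # first n results

class Tail:
    def __init__(self, n):
        self.n = n
    def execute(self, results, info):
        return results[-self.n:] if self.n else []  # last n results

def run(pipeline, results):
    """Feed each processor's output into the next, as the pipe does."""
    info = {"fields": list(results[0]) if results else []}
    for processor in pipeline:
        results = processor.execute(results, info)
    return results, info

# Constructed sample events (not real data).
EVENTS = [
    {"host": "web01", "status": "200", "user": "alice"},
    {"host": "web02", "status": "403", "user": "bob"},
    {"host": "web01", "status": "500", "user": "carol"},
]
```

With Fields the rows come back unchanged and only info["fields"] shrinks, which is the inexpensive header-level projection; Table rebuilds each row with the named columns only.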

Saturday, July 5, 2014

Today I'm going to cover a new book as discussed in the previous post. This book talks about fostering and maintaining organizational excellence. It's not only about executing in the short term but also about maintaining health over the long term. To create a culture of continuous improvement, the authors recommend a process with steps to aspire, assess, architect, act and advance. Health is defined in terms of nine elements.
Direction - where to head
Leadership
Culture and climate
Accountability
Coordination and control
Capabilities
Motivation
External orientation
Innovation and learning
To aspire, we can be leadership driven, or have an execution edge, or build from market focus, or have a knowledge core.
To architect, we need to identify the right set of initiatives and define each initiative with a compelling story.
To act we choose the right delivery model and define the change engine with a structure, ownership and evaluation. To advance we seek a continuous improvement infrastructure that is built on meaning, framing, connecting and engaging.

Thursday, July 3, 2014

Today we will continue to discuss the book we started in yesterday's blog post. Tomorrow we will discuss the book Beyond Performance. In yesterday's post we discussed the five principles: define the purpose, engage multiple perspectives, frame the issues, set the scene and make it an experience. We will review these in detail now.
When defining the purpose, it is important to design the session well so as to unlock the interdisciplinary solution. If the participants are unfamiliar with the issue, they may need an educative session first. If the participants are well aware of the issues but are spinning their wheels, they may need a making choices session.
When engaging multiple perspectives, it is important to find the right mix of people. Sometimes this can mean a dream team; other times it could mean fresh blood.
A common platform should be created to improve creative collaboration. This can be done with a group identity, a common target, interactions and sharing.
When framing the issues, it is a key practice to establish boundaries and scope. The mindsets of the participants should be stretched but not broken by carefully keeping the contents and perspectives in balance.
When setting the scene, it is important to pay attention to every detail that can help with the collaboration.
When making it an experience, it is important to consider the whole person and his/her thinking inside the box.

Wednesday, July 2, 2014

Today we review another book. In the book Moments of Impact, the authors Ertel and Solomon explore how to design strategic conversations that accelerate change. Amid a whirlwind of activities, leaders have to tackle a variety of multifaceted challenges that require collaboration between groups. However, the standard way to do this is with meetings, and they just don't cut it.
Strategic conversations lead to deep insights by combining the best ideas of people with different backgrounds and perspectives. The authors suggest a simple creative process that leaders and their teams can use to find solutions to complex problems.
The difference between a strategic conversation and a regular meeting is that the former is its own distinct type, often engaging participants analytically, creatively and emotionally. Routine check-ins and formal board meetings work well for a vast majority of meetings, and they too require participants, an objective and content, but a strategic conversation is a little bit more.
The core principles are:
declare the objectives - define the purpose
identify the participants - engage multiple perspectives
assemble content - frame the issues
find a venue - set the scene
and set the agenda - make it an experience.
Courtesy: Summary.com

Tuesday, July 1, 2014

Today we discuss the summary of another book. In the book The 4 Disciplines of Execution, the authors McChesney, Covey and Huling discuss ways for an organization to achieve its goals. The 4 disciplines of execution (4DX) is described as a simple, repeatable and proven formula for executing the most important strategic priorities in the midst of the whirlwind. The disciplines include focusing on the priority, acting on lead measures, keeping a compelling scoreboard, and creating a cadence of accountability. 4DX is a proven formula, not a theory.
The first discipline - focusing on the wildly important goal (WIG) - helps channel the energy to the one or two goals that can make the most impact.
To get the organization to focus, the authors recommend that:
1) No team focuses on more than two WIGs at the same time.
2) The battles chosen must win the war.
3) Senior leaders can veto but not dictate.
4) Every WIG at every level must have a measurable result that can be said to be its finish line.
The second discipline - act on the lead measures - is a way to predictively measure the progress in closing the gap to the goal. A lag measure is one that talks about things that happened. A lead measure is one that talks about how likely we are to achieve a goal. The more we act on a lead measure, the more likely we are to meet our goal. As an example, a lead measure for winning a game could be to get the most number of runs, which suggests bringing on board those players who could get on base more often rather than the costly power hitters. Another example cited was how the folks at the Savannah Morning News closed a serious revenue gap by hitting a certain number of new customer contacts, reactivation contacts, and upsell offers every week. The lead measure chosen should be simple and clear to all so that everyone feels inclined to participate.
The third discipline is about keeping a compelling scorecard. This is the discipline of engagement. If the lead and lag measures are not captured on a visual scoreboard and updated regularly, they will disappear into the whirlwind. Great teams must know at all times where they are in the game.
In fact, when designing the scoreboard, an audience would want to know if it's simple, if it can be seen easily, if it shows lead and lag measures, and if we can tell at a glance whether the team is winning.
The fourth discipline is to create a cadence of accountability. This involves a frequently recurring cycle of accountability for past performance and planning to move the score forward. This is where the rubber meets the road.
4DX is not a set of guidelines but a set of disciplines. The way to go about it is to execute it in stages, where the team first gets the WIGs clear, launches them and spends time on adoption, followed by optimization, and lastly shares the past success and takes on new ones as a habit.
When implementing discipline 1, we begin by brainstorming possible WIGs, followed by ranking their impact, testing the WIGs to see if they work, and then defining the WIGs with a verb, lag measure and the accountability.
When implementing discipline 2, we strive to identify those measures that are more predictive, influenceable, measurable and worth measuring, and then spend some time defining them.
When implementing discipline 3, we choose a theme, design the scorecard, build it and keep it updated.
When implementing discipline 4, we demonstrate respect for the participation, reinforce accountability, and encourage performance.
The authors argue that 4DX works very well in aspects of life such as personal goals, be it running a marathon, finishing a degree, or learning a new sport.