Mastering Splunk

Book Image

Mastering Splunk

By : James D. Miller

Book Image

Mastering Splunk

By: James D. Miller

Overview of this book

Mastering Splunk

Mastering Splunk

Credits

About the Author

About the Author

About the Reviewers

About the Reviewers

www.PacktPub.com

www.PacktPub.com

Preface

Free Chapter

The Application of Splunk

The Application of Splunk

The definition of Splunk

Universal file handling

Confidentiality and security

Conventional use cases

Splunk – outside the box

Splunk in action

Advanced Searching

Advanced Searching

Searching in Splunk

Knowledge management

Searching with parameters

Mastering Tables, Charts, and Fields

Mastering Tables, Charts, and Fields

Tables, charts, and fields

Splunk bucketing

Pivot table formatting

A quick example

Lookups

Configuring a simple field lookup

Command roundup

Progressive Dashboards

Progressive Dashboards

Creating effective dashboards

Going back to dashboards

More on searching

Dynamic drilldowns

Real-world, real-time solutions

Indexes and Indexing

Indexes and Indexing

The importance of indexing

What is a Splunk index?

Indexes, indexers, and clusters

Managing Splunk indexes

Dealing with multiple indexes

Deleting your indexes and indexed data

Configuring indexes

Moving your index database

Spreading out your Splunk index

Hitting the limits

Evolving your Apps

Evolving your Apps

Basic applications

BYO or build your own apps

The end-to-end customization of Splunk

Preparation for app development

Monitoring and Alerting

Monitoring and Alerting

What to monitor

Advanced monitoring

Location, location, location

Leveraging your forwarders

Can I use apps?

Windows inputs in Splunk

Getting started with monitoring

What does Splunk do with the data it monitors?

Viewing the Splunk Deployment Monitor app

All about alerts

Scheduled or real time

Extended functionalities

Transactional Splunk

Transactional Splunk

Transactions and transaction types

Transaction search

Advanced use of transactions

Splunk – Meet the Enterprise

Splunk – Meet the Enterprise

General concepts

Definition of Splunk knowledge

Strategic knowledge management

Splunk object management with knowledge management

Naming conventions for documentation

The enterprise vision

Quick Start

Where and how to learn Splunk

The Splunk documentation

The support portal

The "How-to" tutorials

User conferences, blogs, and news groups

Professional services

Obtaining the Splunk software

An environment to learn in

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Search results

When you run a Splunk search, you'll see that not all of the Splunk Web search results tabs (Events, Statistics, and Visualization) will be populated.

Event searches: If your search returns only events, only the Events results tab is populated
Transformational searches: If your search includes transforming commands, you can view the results in the Statistics and Visualization tabs (as well as in the Events tab)
Transformational commands: Transformational commands transform the event results into numerical values that Splunk can use for statistical purposes, that is, creating charts, tables, and graphs

Transforming commands include the following:

chart
timechart
stats
top
rare
contingency

Some basic Splunk search examples

To illustrate the differences in the results tabs, let's use an earlier search example. You might recall the following search (using a macro that we created):

`TM1Events("october/24/2007")`

This search is a simple events search and will only populate the...