Splunk Operational Intelligence Cookbook - Third Edition

By : Josh Diakun, Paul R. Johnson, Derek Mock

Splunk Operational Intelligence Cookbook - Third Edition

By: Josh Diakun, Paul R. Johnson, Derek Mock

Overview of this book

Splunk makes it easy for you to take control of your data, and with Splunk Operational Cookbook, you can be confident that you are taking advantage of the Big Data revolution and driving your business with the cutting edge of operational intelligence and business analytics. With more than 80 recipes that demonstrate all of Splunk’s features, not only will you find quick solutions to common problems, but you’ll also learn a wide range of strategies and uncover new ideas that will make you rethink what operational intelligence means to you and your organization. You’ll discover recipes on data processing, searching and reporting, dashboards, and visualizations to make data shareable, communicable, and most importantly meaningful. You’ll also find step-by-step demonstrations that walk you through building an operational intelligence application containing vital features essential to understanding data and to help you successfully integrate a data-driven way of thinking in your organization. Throughout the book, you’ll dive deeper into Splunk, explore data models and pivots to extend your intelligence capabilities, and perform advanced searching with machine learning to explore your data in even more sophisticated ways. Splunk is changing the business landscape, so make sure you’re taking advantage of it.

Preface

Who this book is for

What this book covers

To get the most out of this book

Sections

Get in touch

Free Chapter

Play Time – Getting Data In

Introduction

Indexing files and directories

Getting data through network ports

Using scripted inputs

Using modular inputs

Using the Universal Forwarder to gather data

Receiving data using the HTTP Event Collector

Getting data from databases using DB Connect

Loading the sample data for this book

Data onboarding – defining field extractions

Data onboarding - defining event types and tags

Installing the Machine Learning Toolkit

Diving into Data – Search and Report

Introduction

Making raw event data readable

Finding the most accessed web pages

Finding the most used web browsers

Identifying the top-referring websites

Charting web page response codes

Displaying web page response time statistics

Listing the top-viewed products

Charting the application's functional performance

Charting the application's memory usage

Counting the total number of database connections

Dashboards and Visualizations - Make Data Shine

Introduction

Creating an Operational Intelligence dashboard

Using a pie chart to show the most accessed web pages

Displaying the unique number of visitors

Using a gauge to display the number of errors

Charting the number of method requests by type and host

Creating a timechart of method requests, views, and response times

Using a scatter chart to identify discrete requests by size and response time

Creating an area chart of the application's functional statistics

Using metrics data and a trellis layout to monitor physical environment operating conditions

Using a bar chart to show the average amount spent by category

Creating a line chart of item views and purchases over time

Building an Operational Intelligence Application

Introduction

Creating an Operational Intelligence application

Adding dashboards and reports

Organizing the dashboards more efficiently

Dynamically drilling down on activity reports

Creating a form for searching web activity

Linking web page activity reports to the form

Displaying a geographical map of visitors

Highlighting average product price

Scheduling the PDF delivery of a dashboard

Extending Intelligence – Datasets, Modeling and Pivoting

Introduction

Creating a data model for web access logs

Creating a data model for application logs

Accelerating data models

Pivoting total sales transactions

Pivoting purchases by geographic location

Pivoting slowest responding web pages

Pivot charting top error codes

Diving Deeper – Advanced Searching, Machine Learning and Predictive Analytics

Introduction

Calculating the average session time on a website

Calculating the average execution time for multi-tier web requests

Displaying the maximum concurrent checkouts

Analyzing the relationship of web requests

Predicting website traffic volumes

Finding abnormally-sized web requests

Identifying potential session spoofing

Detecting outliers in server response times

Forecasting weekly sales

Summary

Enriching Data – Lookups and Workflows

Introduction

Looking up product code descriptions

Flagging suspect IP addresses

Creating a session state table

Adding hostnames to IP addresses

Searching ARIN for a given IP address

Triggering a Google search for a given error

Generating a chat notification for application errors

Looking up inventory from an external database

Being Proactive – Creating Alerts

Introduction

Alerting on abnormal web page response times

Alerting on errors during checkout in real time

Alerting on abnormal user behavior

Alerting on failure and triggering a chat notification

Alerting when predicted sales exceed inventory

Generating alert events for high sensor readings

Speeding Up Intelligence – Data Summarization

Introduction

Calculating an hourly count of sessions versus completed transactions

Backfilling the number of purchases by city

Displaying the maximum number of concurrent sessions over time

Above and Beyond – Customization, Web Framework, HTTP Event Collector, REST API, and SDKs

Introduction

Customizing the application navigation

Adding a Sankey diagram of web hits

Developing a tag cloud of purchases by country

Adding Cell Icons to Highlight Average Product Price

Remotely querying Splunk's REST API for unique page views

Creating a Python application to return unique IP addresses

Creating a custom search command to format product names

Collecting data from remote scanning devices

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Installing the Machine Learning Toolkit

The Splunk Machine Learning Toolkit extends Splunk with additional search commands, visualizations, assistants, and examples to assist in developing and working with machine learning concepts. Machine learning tools and processes can be applied to your Splunk data to assist in predictive analytics, trending, anomaly detection, and outlier detection.

This recipe will show you how to install the Machine Learning Toolkit and the necessary prerequisites, which will be used in Chapter 6, Diving Deeper – Advanced Searching, Machine Learning, and Predictive Analytics.

For more information on the Machine Learning Toolkit, check out https://docs.splunk.com/Documentation/MLApp/latest/User/About.

Getting ready

To step through this recipe, you will need a running Splunk server with the operational intelligence sample data loaded. No other prerequisites are required.

How to do it...

Follow these steps to define an event type and associated tag:

Log in to your Splunk server.
From the Apps menu in the upper left-hand corner of the home screen, click on the gear icon.
The Apps settings page will load. Then, click on the Browse More Apps button.
In the search field, enter Scientific Computing and press enter.
The search results will return multiple Python for Scientific Computing apps — one for each different supported operating system (Windows and Linux 32-bit or 64-bit). In the search results, click on the Install button for the app that matches the correct operating system you have Splunk installed on:
Enter your splunk.com credentials, check the checkbox to accept the terms and conditions, and click on Login and Install. Splunk should return with a message saying that the app was installed successfully.
If prompted to restart Splunk, click the Restart later button.
In the search field, enter Machine Learning and press enter.
In the search results, click on the Install button for Splunk Machine Learning Toolkit:

Enter your Splunk.com credentials, check the checkbox to accept the terms and conditions, and click on Login and Install. Splunk should return with a message saying that the app was installed successfully.
After the app has installed, click the Restart Splunk button. After Splunk restarts, log back in to Splunk. You should then, in the Apps launcher, see the Machine Learning Toolkit installed, as shown in the following screenshot:

How it works...

The Machine Learning Toolkit (MLTK) app is the main Splunk app that contains all the necessary knowledge objects and user interfaces that make working with machine learning possible. On its own, that would be enough to provide some basic functionality. However, to take advantage of more advanced machine learning concepts, Splunk needs to take advantage of additional Python libraries.

The Python for Scientific Computing add-on contains a Python interpreter bundled with the numpy, scipy, pandas, scikit-learn, and statsmodels libraries. These libraries are platform-specific, which is why the correct version must be installed.

The Machine Learning Toolkit also provides the ability to customize and extend the application with your own custom models and algorithms, which makes it a very powerful platform.

With the MLTK installed, you are now ready for Chapter 6, Diving Deeper - Advanced Searching, Machine Learning and Predictive Analytics.

Splunk Operational Intelligence Cookbook - Third Edition

By : Josh Diakun, Paul R. Johnson, Derek Mock

Splunk Operational Intelligence Cookbook - Third Edition

By: Josh Diakun, Paul R. Johnson, Derek Mock

Overview of this book

Related Content you might be interested in

Current Title:

Splunk Operational Intelligence Cookbook - Third Edition

Splunk 7 Essentials

Splunk 7.x Quick Start Guide

Mastering Splunk 8