Book Image

Splunk 7 Essentials - Third Edition

By : J-P Contreras, Steven Koelpin, Erickson Delgado, Betsy Page Sigman
Book Image

Splunk 7 Essentials - Third Edition

By: J-P Contreras, Steven Koelpin, Erickson Delgado, Betsy Page Sigman

Overview of this book

Splunk is a search, reporting, and analytics software platform for machine data, which has an ever-growing market adoption rate. More organizations than ever are adopting Splunk to make informed decisions in areas such as IT operations, information security, and the Internet of Things. The first two chapters of the book will get you started with a simple Splunk installation and set up of a sample machine data generator, called Eventgen. After this, you will learn to create various reports, dashboards, and alerts. You will also explore Splunk's Pivot functionality to model data for business users. You will then have the opportunity to test-drive Splunk's powerful HTTP Event Collector. After covering the core Splunk functionality, you'll be provided with some real-world best practices for using Splunk, and information on how to build upon what you've learned in this book. Throughout the book, there will be additional comments and best practice recommendations from a member of the SplunkTrust Community, called "Tips from the Fez".
Table of Contents (10 chapters)

Splunk – Getting Started

Splunk is a multinational software company that offers its core platform, Splunk Enterprise, as well as many related offerings built on the Splunk platform. Cofounded by Michael Baum, Rob Das, and Erik Swan, Splunk's name was inspired by the process of exploring caves, or spelunking. The Splunk platform helps a wide variety of organizational personas, such as analysts, operators, developers, testers, managers, and executives. They get analytical insights from machine-created data. Splunk collects, stores, and provides powerful analytical capabilities, enabling organizations to act on often powerful insights derived from this data.

The Splunk Enterprise platform was built with IT operations in mind. When companies had IT infrastructure problems, troubleshooting and solving problems was immensely difficult, complicated, and manual. Splunk was built to collect and make log files from IT systems searchable and accessible. Splunk is commonly used for information security and development operations, as well as more advanced use cases for custom machines, Internet of Things, and mobile devices.

Throughout the book, we will be covering the fundamental concepts of Splunk so that you can learn quickly and efficiently. As the concepts become more complex, we reserve their deep discussion for Splunk's online documentation or the vibrant Splunk online community at http://docs.splunk.com. Wherever necessary, we provide links to help provide you with the practical skills and examples so that you can get started quickly.

With very little time, you can achieve direct results using Splunk, which you can access through a free enterprise trial license. While this license limits you to 500 MB of data ingested per day, it will allow you to quickly get up to speed with Splunk and learn the essentials of this powerful software.

If you follow what we've written closely, we believe you will quickly learn the fundamentals you need to use Splunk effectively. Together, we will make the most of the trial license and give you a visible result that you can use to create valuable insights for your company.

Towards the end of the book, we will cover concepts to extend Splunk to your organization, and cover the vast Splunk community and online ecosystem.

Tip from the Fez: Splunk sponsors a community known as Splunk Trust. Splunk Trust is made up of bright Splunk minds from around the world, who actively and successfully participate in the Splunk community, especially through the Splunk answers online site. A logo associated with this community is based on the historical headdress and named after the city of Fez, Morocco. Many fraternal organizations have adopted the use of a Fez, most notably in the United States by the Shriners organization. Throughout this book, we will tap into one of Splunk Trust's members to provide some additional best practice recommendations.