Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Mastering Splunk
  • Table Of Contents Toc
  • Feedback & Rating feedback
Mastering Splunk

Mastering Splunk

By : James D. Miller
2.7 (3)
Buy this Book
close
close
Mastering Splunk

Mastering Splunk

2.7 (3)
By: James D. Miller
Buy this Book

Overview of this book

This book is for those Splunk developers who want to learn advanced strategies to deal with big data from an enterprise architectural perspective. You need to have good working knowledge of Splunk.
Table of Contents (13 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
1. The Application of Splunk
chevron up
Icon
1. The Application of Splunk
Icon
The definition of Splunk
Icon
Universal file handling
Icon
Confidentiality and security
Icon
Conventional use cases
Icon
Splunk – outside the box
Icon
Splunk in action
Icon
Summary
2
2. Advanced Searching
Icon
2. Advanced Searching
Icon
Searching in Splunk
Icon
Knowledge management
Icon
Subsearching
Icon
Searching with parameters
Icon
Splunk macros
Icon
Search results
Icon
Summary
3
3. Mastering Tables, Charts, and Fields
Icon
3. Mastering Tables, Charts, and Fields
Icon
Tables, charts, and fields
Icon
Splunk bucketing
Icon
Drilldowns
Icon
Pivot
Icon
Split
Icon
Column values
Icon
Pivot table formatting
Icon
A quick example
Icon
Sparklines
Icon
Summary
4
4. Lookups
Icon
4. Lookups
Icon
Introduction
Icon
Configuring a simple field lookup
Icon
Command roundup
Icon
Summary
5
5. Progressive Dashboards
Icon
5. Progressive Dashboards
Icon
Creating effective dashboards
Icon
Form searching
Icon
Going back to dashboards
Icon
More on searching
Icon
Dynamic drilldowns
Icon
Real-world, real-time solutions
Icon
Summary
6
6. Indexes and Indexing
Icon
6. Indexes and Indexing
Icon
The importance of indexing
Icon
What is a Splunk index?
Icon
Indexes, indexers, and clusters
Icon
Managing Splunk indexes
Icon
Dealing with multiple indexes
Icon
Deleting your indexes and indexed data
Icon
Configuring indexes
Icon
Moving your index database
Icon
Spreading out your Splunk index
Icon
Size matters
Icon
Hitting the limits
Icon
Summary
7
7. Evolving your Apps
Icon
7. Evolving your Apps
Icon
Basic applications
Icon
BYO or build your own apps
Icon
App FAQs
Icon
The end-to-end customization of Splunk
Icon
Preparation for app development
Icon
Summary
8
8. Monitoring and Alerting
Icon
8. Monitoring and Alerting
Icon
What to monitor
Icon
Advanced monitoring
Icon
Location, location, location
Icon
Leveraging your forwarders
Icon
Can I use apps?
Icon
Windows inputs in Splunk
Icon
Getting started with monitoring
Icon
What does Splunk do with the data it monitors?
Icon
Splunk
Icon
Viewing the Splunk Deployment Monitor app
Icon
All about alerts
Icon
Editing alerts
Icon
Scheduled or real time
Icon
Extended functionalities
Icon
Summary
9
9. Transactional Splunk
Icon
9. Transactional Splunk
Icon
Transactions and transaction types
Icon
Transaction search
Icon
Advanced use of transactions
Icon
Summary
10
10. Splunk – Meet the Enterprise
Icon
10. Splunk – Meet the Enterprise
Icon
General concepts
Icon
Best practices
Icon
Definition of Splunk knowledge
Icon
Strategic knowledge management
Icon
Splunk object management with knowledge management
Icon
Naming conventions for documentation
Icon
Testing
Icon
Retrofitting
Icon
The enterprise vision
Icon
Summary
11
A. Quick Start
Icon
A. Quick Start
Icon
Topics
Icon
Where and how to learn Splunk
Icon
Certifications
Icon
The Splunk documentation
Icon
www.splunk.com
Icon
Splunk answers
Icon
Splunkbase
Icon
The support portal
Icon
The Splexicon
Icon
The "How-to" tutorials
Icon
User conferences, blogs, and news groups
Icon
Professional services
Icon
Obtaining the Splunk software
Icon
An environment to learn in
Icon
Summary
12
Index
Icon
Index

Universal file handling

Splunk has the ability to read all kinds of data—in any format—from any device or application. Its power lies in its ability to turn this data into operational intelligence (OI), typically out of the box and without the need for any special parsers or adapters to deal with particular data formats.

Splunk uses internal algorithms to process new data and new data sources automatically and efficiently. Once Splunk is aware of a new data type, you don't have to reintroduce it again, saving time.

Since Splunk can work with both local and remote data, it is almost infinitely scalable. What this means is that the data that you are interested in can be on the same (physical or virtual) machine as the Splunk instance (meaning Splunk's local data) or on an entirely different machine, practically anywhere in the world (meaning it is remote data). Splunk can even take advantage of Cloud-based data.

Generally speaking, when you are thinking about Splunk and data, it is useful to categorize your data into one of the four types of data sources.

In general, one can categorize Splunk data (or input) sources as follows:

  • Files and/or directories: This is the data that exists as physical files or locations where files will exist (directories or folders).
  • Network events: This will be the data recorded as part of a machine or environment event.
  • Windows sources: This will be the data pertaining to MS Windows' specific inputs, including event logs, registry changes, Windows Management Instrumentation, Active Directory, exchange messaging, and performance monitoring information.
  • Other sources: This data source type covers pretty much everything else, such as mainframe logs, FIFO queues, and scripted inputs to get data from APIs and other remote data interfaces.
Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Mastering Splunk
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon