Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Implementing Splunk (Update)
  • Table Of Contents Toc
Implementing Splunk (Update)

Implementing Splunk (Update)

By : VINCENT BUMGARNER, James D. Miller
4.5 (4)
Buy this Book
close
close
Implementing Splunk (Update)

Implementing Splunk (Update)

4.5 (4)
By: VINCENT BUMGARNER, James D. Miller
Buy this Book

Overview of this book

If you are a data analyst with basic knowledge of Big Data analysis but no knowledge of Splunk, then this book will help you get started with Splunk. The book assumes that you have access to a copy of Splunk, ideally not in production, and many examples also assume you have administrator rights.
Table of Contents (15 chapters)
close
close
close
Preface
chevron up
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
1. The Splunk Interface
Icon
1. The Splunk Interface
Icon
Logging into Splunk
Icon
The home app
Icon
The top bar
Icon
The search & reporting app
Icon
Using the time picker
Icon
Using the field picker
Icon
The settings section
Icon
Summary
2
2. Understanding Search
Icon
2. Understanding Search
Icon
Using search terms effectively
Icon
Boolean and grouping operators
Icon
Clicking to modify your search
Icon
Using fields to search
Icon
Using wildcards efficiently
Icon
All about time
Icon
Making searches faster
Icon
Sharing results with others
Icon
Search job settings
Icon
Saving searches for reuse
Icon
Creating alerts from searches
Icon
Summary
3
3. Tables, Charts, and Fields
Icon
3. Tables, Charts, and Fields
Icon
About the pipe symbol
Icon
Using top to show common field values
Icon
Using stats to aggregate values
Icon
Using chart to turn data
Icon
Using timechart to show values over time
Icon
Working with fields
Icon
Summary
4
4. Data Models and Pivots
Icon
4. Data Models and Pivots
Icon
What is a data model?
Icon
What does a data model search?
Icon
Creating a data model
Icon
Lookup attributes
Icon
What is a pivot?
Icon
A quick example
Icon
Sparklines
Icon
Summary
5
5. Simple XML Dashboards
Icon
5. Simple XML Dashboards
Icon
The purpose of dashboards
Icon
Using wizards to build dashboards
Icon
Converting the panel to a report
Icon
Back to the dashboard
Icon
Editing XML directly
Icon
UI examples app
Icon
Building forms
Icon
Features replaced
Icon
Autorun dashboard
Icon
Scheduling the generation of dashboards
Icon
Summary
6
6. Advanced Search Examples
Icon
6. Advanced Search Examples
Icon
Using subsearches to find loosely related events
Icon
Using transaction
Icon
Determining concurrency
Icon
Calculating events per slice of time
Icon
Rebuilding top
Icon
Acceleration
Icon
Summary
7
7. Extending Search
Icon
7. Extending Search
Icon
Using tags to simplify search
Icon
Using event types to categorize results
Icon
Using lookups to enrich data
Icon
Using macros to reuse logic
Icon
Creating workflow actions
Icon
Using external commands
Icon
Summary
8
8. Working with Apps
Icon
8. Working with Apps
Icon
Defining an app
Icon
Included apps
Icon
Installing apps
Icon
Building your first app
Icon
Editing navigation
Icon
Customizing the appearance of your app
Icon
Object permissions
Icon
The app directory structure
Icon
Summary
9
9. Building Advanced Dashboards
Icon
9. Building Advanced Dashboards
Icon
Reasons for working with advanced XML
Icon
Reasons for not working with advanced XML
Icon
The development process
Icon
The advanced XML structure
Icon
Converting simple XML to advanced XML
Icon
Module logic flow
Icon
Understanding layoutPanel
Icon
Reusing a query
Icon
Using intentions
Icon
Creating a custom drilldown
Icon
Third-party add-ons
10
10. Summary Indexes and CSV Files
Icon
10. Summary Indexes and CSV Files
Icon
Understanding summary indexes
Icon
When to use a summary index
Icon
When not to use a summary index
Icon
Populating summary indexes with saved searches
Icon
Using summary index events in a query
Icon
Using sistats, sitop, and sitimechart
Icon
How latency affects summary queries
Icon
How and when to backfill summary data
Icon
Reducing summary index size
Icon
Calculating top for a large time frame
Icon
Using CSV files to store transient data
Icon
Summary
11
11. Configuring Splunk
Icon
11. Configuring Splunk
Icon
Locating Splunk configuration files
Icon
The structure of a Splunk configuration file
Icon
The configuration merging logic
Icon
An overview of Splunk .conf files
Icon
User interface resources
Icon
Summary
12
12. Advanced Deployments
Icon
12. Advanced Deployments
Icon
Planning your installation
Icon
Splunk instance types
Icon
Common data sources
Icon
Sizing indexers
Icon
Planning redundancy
Icon
Working with multiple indexes
Icon
Deploying the Splunk binary
Icon
Using apps to organize configuration
Icon
Configuration distribution
Icon
Using LDAP for authentication
Icon
Using Single Sign On
Icon
Load balancers and Splunk
Icon
Multiple search heads
Icon
Summary
13
13. Extending Splunk
Icon
13. Extending Splunk
Icon
Writing a scripted input to gather data
Icon
Using Splunk from the command line
Icon
Querying Splunk via REST
Icon
Writing commands
Icon
Writing a scripted lookup to enrich data
Icon
Writing an event renderer
Icon
Writing a scripted alert action to process results
Icon
Hunk
Icon
Summary
14
Index
Icon
Index

Preface

Splunk is a powerful tool to collect, store, alert, report, and study machine data. This machine data usually comes from server logs, but it could also be collected from other sources. Splunk is, by far, the most flexible and scalable solution available to tackle the huge problem of making machine data useful.

The goal of the original version of this book was to serve as an organized and curated guide to Splunk 4.3. This version endeavors to preserve that objective, while focusing on the latest version (at the time of writing) of Splunk—6.2.0. In fact, care has been taken to call out the differences between the versions. In addition, new content has been added, covering search acceleration methods, backfilling, data replication, and Hunk.

As the documentation and community resources available to Splunk are vast, finding important pieces of knowledge can be daunting at times. My goal is to present what is needed for the effective implementation of Splunk in as concise and useful a manner as possible.

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Implementing Splunk (Update)
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon