Sign In Start Free Trial

Book Overview & Buying
Table Of Contents

Splunk Best Practices

By : Travis Marlette

4.8 (5)

Splunk Best Practices

4.8 (5)

By: Travis Marlette

Overview of this book

This book will give you an edge over others through insights that will help you in day-to-day instances. When you're working with data from various sources in Splunk and performing analysis on this data, it can be a bit tricky. With this book, you will learn the best practices of working with Splunk. You'll learn about tools and techniques that will ease your life with Splunk, and will ultimately save you time. In some cases, it will adjust your thinking of what Splunk is, and what it can and cannot do. To start with, you'll get to know the best practices to get data into Splunk, analyze data, and package apps for distribution. Next, you'll discover the best practices in logging, operations, knowledge management, searching, and reporting. To finish off, we will teach you how to troubleshoot Splunk searches, as well as deployment, testing, and development with Splunk.

Preface

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Free Chapter

1. Application Logging

1. Application Logging

Loggers

Data types

Unstructured data

Summary

2. Data Inputs

2. Data Inputs

Agents

Data inputs

Deployment server

Summary

3. Data Scrubbing

3. Data Scrubbing

Heavy Forwarder management

Even data distribution

Manipulating raw data (pre-indexing)

Summary

4. Knowledge Management

4. Knowledge Management

Anatomy of a Splunk search

Best practices with search anatomy

Knowledge objects

Summary

5. Alerting

5. Alerting

Setting expectations

Anatomy of an alert

Custom commands/automated self-healing

Summary

6. Searching and Reporting

6. Searching and Reporting

General practices

Search modes

Advanced charting

Summary

7. Form-Based Dashboards

7. Form-Based Dashboards

Dashboards versus reports

Modules

Tokens

Building a form-based dashboard

Summary

8. Search Optimization

8. Search Optimization

Types of dashboard search panel

Raw data search

Shared searching using a base search

Report referenced panels

Data model/pivot referenced panels

Special notes

Summary

9. App Creation and Consolidation

9. App Creation and Consolidation

Types of apps

Consolidating search apps

Consolidating indexing/forwarding apps

Summary

10. Advanced Data Routing

10. Advanced Data Routing

Splunk architecture

Network segments

The data router

Summary

Knowledge objects

There are bunch of different types of knowledge object and different ways to use them in Splunk to make searching easier:

Knowledge Object	Description
Reports	Saved searches of specific data and visualizations
Alerts	Saved searches of specific data set to email an alert or commit an action when triggered
Events	A log string that is saved and given a name for later reference during a search query
Field extractions	Very specific values within a log event that can be extracted with regex; often things such as `user` or `dest_addr`
Tag	An ancillary category market for disparate yet similar event types/hosts/systems
Field alias	A second name given to a field within a sourcetype - for instance, user can be aliased to `src_user`
Lookups	Usually a `.csv` or KV store that enhances the integrity of the data being searched
Workflow actions	Usually a link to a URL or a `POST` action to gather data from another web source
Macro	A referenced series of functions...

CONTINUE READING

83

Tech Concepts

36

Programming languages

73

Tech Tools

Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

50+ new titles added per month and exclusive early access to books as they are being written.

Splunk Best Practices

Search

Your notes and bookmarks