Big data: the term itself suggests a large amount of data. Big data can be defined as high-volume, high-velocity, and high-variety information. Data is sometimes also referred to as logs generated from machines that can be used for the purpose of operations, engineering, business insight, analytics and prediction, and so on as the case may be.
Now, as we have a large amount of data, there is a need for a platform or tool that can be used to create visualizations and derive insights and patterns to make informed business decisions beforehand. To overcome all these challenges of big data, Splunk came into the picture. Splunk is a big data tool that generates insights and reveals patterns, trends, and associations from machine data. It is a powerful and robust big data tool used to derive real-time or near real-time insights, and it enables you to take informed corrective measures.
Splunk can be put to use for data generated from any source and available in a human readable format. As Splunk is a feature-rich tool, it becomes difficult for a Splunk user to start and make the best use of Splunk right away. This book takes the reader through a complete understanding of making the best and most efficient use of Splunk for machine data analytics and visualization. The book covers everything from which type of data can be uploaded to how to do it in an efficient way. It also covers creating applications and add-ons on Splunk, learning analytics commands, and learning visualizations and customizations as per one's requirements. The book also talks about how Splunk can be tweaked to make the best out of Splunk, along with how it can be integrated with R for analytics and Tableau for visualization.
This step-by-step comprehensive guide to Splunk will help readers understand Splunk's capabilities, thus enabling you to make the most efficient and best use of Splunk for big data.
Chapter 1, What's New in Splunk 6.3?, explains in detail how Splunk works in the backend, and also explains the backbone of Splunk, thanks to which it can process big data in real time. We will also go through all the new techniques and architectural changes that have been introduced in Splunk 6.3 to make Splunk faster, better, and provide near real-time results.
Chapter 2, Developing an Application on Splunk, talks about creating and managing an application and an add-on on Splunk Enterprise. You will also learn how to use different applications available on the Splunk app store to minimize the work by using the already available applications for similar requirements.
Chapter 3, On-boarding Data in Splunk, details the various methods by which data can be indexed on Splunk. We will also have a look at various customization options available while uploading data onto Splunk in order to index the data in such a way that trends, pattern detection, and other important features can be used efficiently and easily.
Chapter 4, Data Analytics, helps the reader learn the usage of commands related to searching, data manipulation, field extraction, subsearches, and so on on Splunk, thus enabling him/her to create analytics out of the data.
Chapter 5, Advanced Data Analytics, teaches the reader to generate reports and become well-versed with commands related to geographic and locations. This chapter will also cover advanced section of commands such as anomaly detection, correlation, prediction, and machine learning.
Chapter 6, Visualization, goes through the basic visualization options available in Splunk to represent data in an easier-to-understand format. Along with visualization, we will also discuss tweaking visualizations to make them easier to read and understand.
Chapter 7, Advanced Visualization, teaches the reader to use custom plugins and extensions to implement advanced visualizations in Splunk. These advanced visualizations can even be used by the nontechnical audience to generate useful insight and derive business decisions.
Chapter 8, Dashboard Customization, teaches the reader to create basic custom dashboards with the visualization and analytics you've learned so far. We will go through the various dashboard customization techniques that can be implemented to make the most of out the data on Splunk.
Chapter 9, Advanced Dashboard Customization, instructs the reader about the techniques that will help in developing a highly dynamic, customizable, and useful dashboard over the data on Splunk.
Chapter 10, Tweaking Splunk, talks about how we can make the best use of Splunk features so that we can get the maximum use out of Splunk efficiently. You will also learn the various management and customization techniques to use Splunk in the best possible way.
Chapter 11, Enterprise Integration with Splunk, teaches the reader to set up and use the Splunk SDK along with the integration of Splunk with R for analytics and Tableau for visualization.
Chapter 12, What Next? Splunk 6.4, discusses the features introduced in Splunk 6.4, along with how they can be put to use to maximize the benefit of Splunk for analytics and visualizations.
Listed as follows are the requirements for getting through the series of tasks performed through this book:
A Windows machine
Splunk 6.3/Splunk 6.4, which can be downloaded from the Splunk website
Python 2.7 and the Splunk SDK for Python
R 3.1.0
Tableau 9.3
Machine data, on which analytics and visualization is to be done.
This book is for anyone who wants to learn Splunk and understand its advanced capabilities and doesn't want to get lost in loads of online documentation. This book will help readers understand how Splunk can be put to use to derive valuable insights from machine data in no time. This book covers Splunk from end to end, along with examples and illustrations, to make the reader a "master" of Splunk.
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "We can include other contexts through the use of the include directive."
A block of code is set as follows:
[general] parallelIngestionPipelines = 2 # For 2 Ingestion Pipeline sets
Any command-line input or output is written as follows:
./splunk check-integrity -index [ index name ] [ verbose ]
New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Clicking the Next button moves you to the next screen."
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.
To send us general feedback, simply e-mail <[email protected]>, and mention the book's title in the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from https://www.packtpub.com/sites/default/files/downloads/AdvancedSplunk_ColorImages.pdf.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.
To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.
Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors and our ability to bring you valuable content.
If you have a problem with any aspect of this book, you can contact us at <[email protected]>, and we will do our best to address the problem.