Splunk 7.x Quick Start Guide: Gain business data insights from operational intelligence

Scribed by James H. Baxter


Publisher: Packt Publishing
Year: 2018
Tongue: English
Leaves: 290
Category: Library


Synopsis


Learn how to architect, implement, and administer a complex Splunk Enterprise environment and extract valuable insights from business data.

Key Features

  • Understand the various components of Splunk and how they work together to provide a powerful Big Data analytics solution.
  • Collect and index data from a wide variety of common machine data sources
  • Design searches, reports, and dashboard visualizations to provide business data insights

Book Description

Splunk is a leading platform and solution for collecting, searching, and extracting value from ever-increasing amounts of big data - and big data is eating the world! This book covers all the crucial Splunk topics and gives you the information and examples to get the immediate job done. You will find enough insights to support further research and use Splunk to suit any business environment or situation.

Splunk 7.x Quick Start Guide gives you a thorough understanding of how Splunk works. You will learn about all the critical tasks for architecting, implementing, administering, and utilizing Splunk Enterprise to collect, store, retrieve, format, analyze, and visualize machine data. You will find step-by-step examples based on real-world experience and practical use cases that are applicable to all Splunk environments. There is a careful balance between adequate coverage of all the critical topics and short but relevant deep dives into the configuration options and steps to carry out the day-to-day tasks that matter.

By the end of the book, you will be a confident and proficient Splunk architect and administrator.

What you will learn

  • Design and implement a complex Splunk Enterprise solution
  • Configure your Splunk environment to get machine data in and indexed
  • Build searches to get and format data for analysis and visualization
  • Build reports, dashboards, and alerts to deliver critical insights
  • Create knowledge objects to enhance the value of your data
  • Install Splunk apps to provide focused views into key technologies
  • Monitor, troubleshoot, and manage your Splunk environment

Who this book is for

This book is intended for experienced IT personnel who are just getting started working with Splunk and want to quickly become proficient with its usage. Data analysts who need to leverage Splunk to extract critical business insights from application logs and other machine data sources will also benefit from this book.

Table of Contents

  1. Introduction to Splunk - Components, Features, and Capabilities
  2. Architecting and Implementing Splunk
  3. Installing and Configuring Splunk
  4. Getting Data Into Splunk
  5. Administering Apps and Users
  6. Searching with Splunk
  7. Splunk Knowledge Objects
  8. Splunk Reports, Dashboards, and Alerts
  9. Splunk Applications
  10. Advanced Splunk

Table of Contents


Cover
Title Page
Copyright and credits
Dedication
About Packt
Contributors
Table of Contents
Preface
Chapter 1: Introduction to Splunk
What is Splunk?
Splunk products
The history of Splunk
Installing Splunk for free
Splunk components
Splunk processing tiers
Splunk events
Splunk information resources
Summary
Chapter 2: Architecting Splunk
Selecting a Splunk configuration
Data collection – data inputs
Data collection – concurrent searches
Distributed versus clustered Splunk environments
Replication and search factor
Replication factor
Search factor
Hot/warm and cold buckets
Search head clusters
Making a design decision
Selecting Splunk hardware options
Performance considerations
Making a hardware selection
Disk-sizing calculations
Summary
Chapter 3: Installing and Configuring Splunk
Installing Splunk Enterprise
Installing Splunk on Linux
Linux settings
User–group – environment settings
ulimits
Transparent huge pages
Starting Splunk
Starting on reboot
Stopping Splunk
Installing Splunk on Windows server
Disabling antivirus software
Installing Splunk with a short pathname
Installing Splunk via the GUI
Stopping and starting Splunk on Windows
Synchronization of system clocks
Configuring Splunk components
Splunk directory structure
Configuration file precedence
Splunk installation checklist
Component and IP address list
Installation steps
Individual component configurations
License master and cluster master
Forwarding Splunk's internal logs to the indexers
Pointing servers to the license master
Indexing cluster
Configuring a TCP input
Deployer
Search heads
Designating and starting a search head captain
Checking search head cluster status
Deployment server
Multisite environments
Cluster master
Indexers
Search heads
Cross-environment search
Documenting your Splunk deployment
Summary
Chapter 4: Getting Data into Splunk
Installing Splunk universal forwarder
Installation steps
Starting/stopping the universal forwarder
Configuring outputs.conf
Configuring inputs.conf
Setting up a heavy forwarder
Configuring other data source inputs
Configuring an HTTP Event Collector
Testing the HTTP Event Collector
Introduction to apps
Using the deployment server
Configuring a deployment client
Configuring the deployment server
Creating deployment apps
Creating a serverclass.conf file
Using forwarder management in Splunk web
Managing Splunk Indexes
Creating an index
Deleting index data
Summary indexes
Metrics indexes
Splunk sourcetypes
Creating custom source types
Using the cluster master
Distributing the configuration bundle
Summary
Chapter 5: Administering Splunk Apps and Users
Using the deployer
Deploying new or updated apps
Configuring users and roles
Splunk authentication
LDAP authentication
SAML authentication
Managing Splunk roles
Search restrictions
Capabilities
Indexes
authorize.conf
Working with authentication.conf and authorize.conf
Best practices for administering Splunk
Index naming conventions
Source type naming conventions
Location of indexes.conf, props.conf, and transforms.conf
Supporting your Splunk Deployment
Splunk support personnel
Funding Your Splunk deployment
Splunk resource cost calculations
Summary
Chapter 6: Searching with Splunk
The Splunk Web interface
Search controls
Timeline and events
Creating Splunk searches
Basic search commands
Index
Time-range selection
Search filters
Search commands
Eval
Stats
Dedup
Rex
Where
Formatting commands
Rename
Sort/reverse
Head/tail
Top/rare
Visualizing search results
Table/fields
Chart/timechart
Chart
Timechart
Visualizations in Splunk web
Advanced search commands
Subsearches
Join
Transaction
Streaming versus transforming commands
Optimizing searches
Optimizing search jobs
Job inspector
Summary
Chapter 7: Splunk Knowledge Objects
Field extractions
Index-time field extractions
Search-time field extractions
Using the extract fields interface
Other knowledge objects
Event types – tags – aliases
Event type
Tags
Field aliases
Lookups
Macros
Datasets and data models
Datasets
Data models
Using data models in search
Data model acceleration
Pivot tables
Summary
Chapter 8: Splunk Reports, Dashboards, and Alerts
Introduction
Creating reports
Scheduling a report
Creating a dashboard
Adding a new panel with inline search
Editing panel characteristics
Using dashboard forms
Using tokens
Working with Simple XML
Improving dashboard performance
Using JavaScript and CSS within a dashboard
Event-handlers
Creating an alert
Summary
Chapter 9: Splunk Applications
Splunk apps and add-ons
Creating a Splunk app
App context and permissions
Using Splunkbase
Splunk app and add-on for Unix and Linux
Machine learning toolkit
Splunk DB Connect
Requirements and installation
Hardware requirements
Java runtime
Installing DB connect
Database JDBC drivers
Configuring DB Connect
Configuring task server
Database drivers
Configuring database input
Identities and roles
Connections
Input
Output
Lookups
Troubleshooting DB Connect
HEC port conflicts
Splunk Premium apps
IT service intelligence
Enterprise security and UBA
Summary
Chapter 10: Advanced Splunk
Troubleshooting Splunk
Splunk logs
btool
diag
Opening a Splunk support case
Locked license issue
Performance and capacity
REST API endpoints
Splunk Monitoring Console
Configuring the monitoring console
Using the Monitoring Console
Data rebalancing
Indexer clustering and bucket status
Upgrading Splunk Enterprise
Splunk development
Software Development Kits
Using the Python SDK
The REST API
Additional study topics
Summary
Other Books You May Enjoy
Index

