Splunk: Enterprise Operational Intelligence Delivered
Credits
Preface
What this learning path covers
What you need for this learning path
Who this learning path is for
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Module 1
1. Splunk in Action
Your Splunk.com account
Obtaining a Splunk.com account
Installing Splunk on Windows
Logging in the first time
Run a simple search
Creating a Splunk app
Populating data with Eventgen
Installing an add-on
Controlling Splunk
Configuring Eventgen
Viewing the Destinations app
Creating your first dashboard
Summary
2. Bringing in Data
Splunk and big data
Streaming data
Latency of data
Sparseness of data
Splunk data sources
Machine data
Web logs
Data files
Social media data
Other data types
Creating indexes
Buckets
Data inputs
Splunk events and fields
Extracting new fields
Summary
3. Search Processing Language
Anatomy of a search
Search pipeline
Time modifiers
Filtering search results
Search command - stats
Search command - top/rare
Search commands - chart and timechart
Search command - eval
Search command - rex
Summary
4. Data Models and Pivot
Creating a data model
Adding attributes to objects
Creating child objects
Creating an attribute based on a regular expression
Data model acceleration
The Pivot Editor
Creating a chart from a Pivot
Creating an area chart
Creating a pie chart showing destination details by airport code
Single value with trending sparkline
Rearranging your dashboard
Summary
5. Data Optimization, Reports, Alerts, and Accelerating Searches
Data classification with event types
Data normalization with tags
Data enrichment with lookups
Creating reports
Creating alerts
Search and report acceleration
Scheduling best practices
Summary indexing
Summary
6. Panes of Glass
Creating effective dashboards
Types of dashboard
Gathering information and business requirements
Dynamic form-based dashboard
Creating a Status Distribution panel
Creating the Status Types Over Time panel
Creating the Hits vs Response Time panel
Arranging the dashboard
Panel options
Pie chart - status distribution
Stacked area chart - Status Types Over Time
Column with line overlay combo chart - Hits vs Response Time
Form inputs
Creating a time range input
Creating a radio input
Creating a dropdown input
Static Real-Time dashboard
Single Value Panels with color ranges
Creating panels by cloning
Single Value Panels with trends
Real-time column charts with line overlays
Creating a map called a choropleth
Summary
7. Splunk SDK for JavaScript and D3.js
Introduction to Splunk SDKs
Practical applications of Splunk's SDK
Prerequisites
Creating a CRON Job
Creating a saved search
Creating the final dashboard\jobs.js
HTTP server
Rendering the chart
Summary
8. HTTP Event Collector
What is the HEC?
How does the HEC work?
How does data flow to the HEC?
Logging in data
Using a token with data
Sending out the data request
Verifying the token
Indexing the data
Enabling the HEC
Generating an HEC authentication token
How to test the HEC with cURL and PowerShell
Using the HEC with dynamic UI events
JavaScript logging with the HEC
Summary
9. Best Practices and Advanced Queries
Temporary indexes and oneshot indexing
Searching within an index
Search within a limited time frame
Quick searches via fast mode
Using event sampling
Splunk Universal Forwarders
Advanced queries
Subsearch
Using append
Using join
Using eval and if
Using eval and match with a case function
How to improve logs
Including clear key-value pairs
Creating events that are understandable to human readers
Remember to use timestamps for all events
Be sure your identifiers are unique
Log using text format, not binary
Use formats that developers can use easily
Log what you think might be useful at some point
Create use categories with meaning
Include the source of the log event
Minimize the number of multi-line events
Summary
2. Module 2
1. Play Time – Getting Data In
Introduction
Indexing files and directories
Getting ready
How to do it…
How it works…
There's more…
Adding a file or directory data input via the CLI
Adding a file or directory input via inputs.conf
One-time indexing of data files via the Splunk CLI
Indexing the Windows event logs
See also
Getting data through network ports
Getting ready
How to do it…
How it works…
There's more…
Adding a network input via the CLI
Adding a network input via inputs.conf
See also
Using scripted inputs
Getting ready
How to do it…
How it works…
See also
Using modular inputs
Getting ready
How to do it…
How it works…
There's more…
See also
Using the Universal Forwarder to gather data
Getting ready
How to do it…
How it works…
There's more…
Add the receiving indexer via outputs.conf
Loading the sample data for this book
Getting ready
How to do it…
How it works…
See also
Defining field extractions
Getting ready
How to do it…
How it works…
See also
Defining event types and tags
Getting ready
How to do it…
How it works…
There's more…
Adding event types and tags via eventtypes.conf and tags.conf
See also
2. Diving into Data – Search and Report
Introduction
Making raw event data readable
Getting ready
How to do it…
How it works…
There's more…
Tabulating every field
Removing fields, then tabulating everything else
Finding the most accessed web pages
Getting ready
How to do it…
How it works…
There's more…
Searching for the top 10 accessed web pages
Searching for the most accessed pages by user
See also
Finding the most used web browsers
Getting ready
How to do it…
How it works…
There's more…
Searching for the web browser data for the most used OS types
See also
Identifying the top-referring websites
Getting ready
How to do it…
How it works…
There's more…
Searching for the top 10 using stats instead of top
See also
Charting web page response codes
Getting ready
How to do it…
How it works…
There's more…
Totaling success and error web page response codes
See also
Displaying web page response time statistics
Getting ready
How to do it…
How it works…
There's more…
Displaying web page response time by action
See also
Listing the top viewed products
Getting ready
How to do it…
How it works…
There's more…
Searching for the percentage of cart additions from product views
See also
Charting the application's functional performance
Getting ready
How to do it…
How it works…
There's more…
See also
Charting the application's memory usage
Getting ready
How to do it…
How it works…
See also
Counting the total number of database connections
Getting ready
How to do it…
How it works…
See also
3. Dashboards and Visualizations – Making Data Shine
Introduction
Creating an Operational Intelligence dashboard
Getting ready
How to do it…
How it works…
There's more…
Changing dashboard permissions
Using a pie chart to show the most accessed web pages
Getting ready
How to do it…
How it works…
There's more…
Searching for the top 10 accessed web pages
See also
Displaying the unique number of visitors
Getting ready
How to do it…
How it works…
There's more…
Coloring the value based on ranges
Adding trends and sparklines to the values
See also
Using a gauge to display the number of errors
Getting ready
How to do it…
How it works…
There's more…
See also
Charting the number of method requests by type and host
Getting ready
How to do it…
How it works…
See also
Creating a timechart of method requests, views, and response times
Getting ready
How to do it…
How it works…
There's more…
Method requests, views, and response times by host
See also
Using a scatter chart to identify discrete requests by size and response time
Getting ready
How to do it…
How it works…
There's more…
Using time series data points with a scatter chart
See also
Creating an area chart of the application's functional statistics
Getting ready
How to do it…
How it works…
See also
Using a bar chart to show the average amount spent by category
Getting ready
How to do it…
How it works…
See also
Creating a line chart of item views and purchases over time
Getting ready
How to do it…
How it works…
See also
4. Building an Operational Intelligence Application
Introduction
Creating an Operational Intelligence application
Getting ready
How to do it…
How it works…
There's more…
Creating an application from another application
Downloading and installing a Splunk app
See also
Adding dashboards and reports
Getting ready
How to do it…
How it works…
There's more…
Changing permissions of saved reports
See also
Organizing the dashboards more efficiently
Getting ready
How to do it…
How it works…
There's more…
Modifying the Simple XML directly
See also
Dynamically drilling down on activity reports
Getting ready
How to do it…
How it works…
There's more…
Disabling the drilldown feature in tables and charts
See also
Creating a form for searching web activity
Getting ready
How to do it…
How it works…
There's more…
Adding a Submit button to your form
See also
Linking web page activity reports to the form
Getting ready
How to do it…
How it works…
There's more…
Adding an overlay to the Sessions Over Time chart
See also
Displaying a geographical map of visitors
Getting ready
How to do it…
How it works…
There's more…
Adding a map panel using Simple XML
Mapping different distributions by area
See also
Scheduling PDF delivery of a dashboard
Getting ready
How to do it…
How it works…
See also
5. Extending Intelligence – Data Models and Pivoting
Introduction
Creating a data model for web access logs
Getting ready
How to do it…
How it works…
There's more…
Searching data models using the search interface
See also
Creating a data model for application logs
Getting ready
How to do it…
How it works…
See also
Accelerating data models
Getting ready
How to do it…
How it works…
There's more…
Viewing data model and acceleration summary information
Advanced configuration of data model acceleration
See also
Pivoting total sales transactions
Getting ready
How to do it…
How it works…
There's more…
Pivot searching using the pivot command and search interface
See also
Pivoting purchases by geographic location
Getting ready
How to do it…
How it works…
See also
Pivoting slowest responding web pages
Getting ready
How to do it…
How it works…
See also
Pivot charting top error codes
Getting ready
How to do it…
How it works…
See also
6. Diving Deeper – Advanced Searching
Introduction
Calculating the average session time on a website
Getting ready
How to do it…
How it works…
There's more…
Starts with a website visit, ends with a checkout
Defining maximum pause, span, and events in a transaction
See also
Calculating the average execution time for multi-tier web requests
Getting ready
How to do it…
How it works…
There's more…
Calculating the average execution time without using a join
See also
Displaying the maximum concurrent checkouts
Getting ready
How to do it…
How it works…
See also
Analyzing the relationship of web requests
Getting ready
How to do it…
How it works…
There's more…
Analyzing relationships of DB actions to memory utilization
See also
Predicting website traffic volumes
Getting ready
How to do it…
How it works…
There's more…
Predicting the total number of items purchased
Predicting the average response time of function calls
See also
Finding abnormally-sized web requests
Getting ready
How to do it…
How it works…
There's more…
The anomalies command
The anomalousvalues command
The anomalydetection command
The cluster command
See also
Identifying potential session spoofing
Getting ready
How to do it…
How it works…
There's more…
Creating logic for urgency
See also
7. Enriching Data – Lookups and Workflows
Introduction
Looking up product code descriptions
Getting ready
How to do it…
How it works…
There's more…
Manually adding the lookup to Splunk
See also
Flagging suspect IP addresses
Getting ready
How to do it…
How it works…
There's more…
Modifying an existing saved search to populate a lookup table
See also
Creating a session state table
Getting ready
How to do it…
How it works…
There's more…
Use the Splunk KV store to maintain the session state table
See also
Adding hostnames to IP addresses
Getting ready
How to do it…
How it works…
There's more…
Enabling automatic external field lookups
See also
Searching ARIN for a given IP address
Getting ready
How to do it…
How it works…
There's more…
Limiting workflow actions by event types
See also
Triggering a Google search for a given error
Getting ready
How to do it…
How it works…
There's more…
Triggering a Google search from the chart drilldown options
See also
Creating a ticket for application errors
Getting ready
How to do it…
How it works…
There's more…
Adding a workflow action manually in Splunk
See also
Looking up inventory from an external database
Getting ready
How to do it…
How it works…
There's more…
Use DB Connect for direct external DB lookups
See also
8. Being Proactive – Creating Alerts
Introduction
Alerting on abnormal web page response times
Getting ready
How to do it…
How it works…
There's more…
Viewing triggered alerts in Splunk's Alert manager
See also
Alerting on errors during checkout in real time
Getting ready
How to do it…
How it works…
There's more…
Building alerts via a configuration file
Editing alert configuration attributes using Advanced edit
Identify the real-time searches that are running
See also
Alerting on abnormal user behavior
Getting ready
How to do it…
How it works…
There's more…
Alerting on abnormal user purchases without checkouts
See also
Alerting on failure and triggering a scripted response
Getting ready
How to do it…
How it works…
There's more…
See also
Alerting when predicted sales exceed inventory
Getting ready
How to do it…
How it works…
There's more…
Adding an RSS feed notification action to an alert
See also
9. Speeding Up Intelligence – Data Summarization
Introduction
Calculating an hourly count of sessions versus completed transactions
Getting ready
How to do it…
How it works…
There's more…
Generating the summary more frequently
Avoiding summary index overlaps and gaps
See also
Backfilling the number of purchases by city
Getting ready
How to do it…
How it works…
There's more…
Backfilling a summary index from within a search directly
See also
Displaying the maximum number of concurrent sessions over time
Getting ready
How to do it…
How it works…
There's more…
Viewing the status of an accelerated report
See also
10. Above and Beyond – Customization, Web Framework, REST API, HTTP Event Collector, and SDKs
Introduction
Customizing the application navigation
Getting ready
How to do it…
How it works…
There's more…
Adding a force-directed graph of web hits
Getting ready
How to do it…
How it works…
There's more…
Changing the time range on the search manager
See also
Adding a calendar heatmap of product purchases
Getting ready
How to do it…
How it works…
See also
Adding cell highlighting of average product price
Getting ready
How to do it…
How it works…
There's more…
See also
Remotely querying Splunk's REST API for unique page views
Getting ready
How to do it…
How it works…
There's more…
Authenticating with a session token
See also
Creating a Python application to return unique IP addresses
Getting ready
How to do it…
How it works…
There's more…
Paginating the results of your search
See also
Creating a custom search command to format product names
Getting ready
How to do it…
How it works…
See also
Collecting data from remote scanning devices
Getting ready
How to do it…
How it works…
See also
3. Module 3
1. What's New in Splunk 6.3?
Splunk's architecture
The need for parallelization
Index parallelization
Search parallelization
Pipeline parallelization
The search scheduler
Summary parallelization
Data integrity control
Intelligent job scheduling
The app key-value store
System requirements
Uses of the key-value store
Components of the key-value store
Managing key-value store collections via REST
Examples
Replication of the key-value store
Splunk Enterprise Security
Enabling HTTPS for Splunk Web
Enabling HTTPS for the Splunk forwarder
Securing a password with Splunk
The access control list
Authentication using SAML
Summary
2. Developing an Application on Splunk
Splunk apps and technology add-ons
What is a Splunk app?
What is a technology add-on?
Developing a Splunk app
Creating the Splunk application and technology add-on
Packaging the application
Installing a Splunk app via Splunk Web
Installing the Splunk app manually
Developing a Splunk add-on
Building an add-on
Installing a technology add-on
Managing Splunk apps and add-ons
Splunk apps from the app store
Summary
3. On-boarding Data in Splunk
Deep diving into various input methods and sources
Data sources
Structured data
Web and cloud services
IT operations and network security
Databases
Application and operating system data
Data input methods
Files and directories
Network sources
Windows data
Adding data to Splunk – new interfaces
HTTP Event Collector and configuration
HTTP Event Collector
Configuration via Splunk Web
Managing the Event Collector token
The JSON API format
Authentication
Metadata
Event data
Data processing
Event configuration
Character encoding
Event line breaking
Timestamp configuration
Host configuration
Configuring a static host value – files and directories
Configuring a dynamic host value – files and directories
Configuring a host value – events
Managing event segmentation
Improving the data input process
Summary
4. Data Analytics
Data and indexes
Accessing data
The index command
The eventcount command
The datamodel command
The dbinspect command
The crawl command
Managing data
The input command
The delete command
The clean command
Summary indexing
Search
The search command
The sendmail command
The localop command
Subsearch
The append command
The appendcols command
The appendpipe command
The join command
Time
The reltime command
The localize command
Fields
The eval command
The xmlkv command
The spath command
The makemv command
The fillnull command
The filldown command
The replace command
Results
The fields command
The searchtxn command
The head / tail command
The inputcsv command
The outputcsv command
Summary
5. Advanced Data Analytics
Reports
The makecontinuous command
The addtotals command
The xyseries command
Geography and location
The iplocation command
The geostats command
Anomalies
The anomalies command
The anomalousvalue command
The cluster command
The kmeans command
The outlier command
The rare command
Predicting and trending
The predict command
The trendline command
The x11 command
Correlation
The correlate command
The associate command
The diff command
The contingency command
Machine learning
Summary
6. Visualization
Prerequisites – configuration settings
Tables
Tables – Data overlay
Tables – Sparkline
Sparkline – Filling and changing color
Sparkline – The max value indicator
Sparkline – A bar style
Tables – An icon set
Single value
Charts
Charts – Coloring
Chart overlay
Bubble charts
Drilldown
Dynamic drilldown
The x-axis or y-axis value as a token to a form
Dynamic drilldown to pass a respective row's specific column value
Dynamic drilldown to pass a fieldname of a clicked value
Contextual drilldown
The URL field value drilldown
Single value drilldown
Summary
7. Advanced Visualization
Sunburst sequence
What is a sunburst sequence?
Example
Implementation
Geospatial visualization
Example
Syntax
Search query
Implementation
Punchcard visualization
Example
Search query
Implementation
Calendar heatmap visualization
Example
Search query
Implementation
The Sankey diagram
Example
Implementation
Parallel coordinates
Example
Search query
Implementation
The force directed graph
Example
Implementation
Custom chart overlay
Example
Implementation
Custom decorations
Example
What is the use of such custom decorations?
Implementation
Summary
8. Dashboard Customization
Dashboard controls
HTML dashboard
Display controls
Example and implementation
Syntax
Form input controls
Example and implementation
Panel controls
Example and implementation
Enabling/disabling refresh time
Disabling the manual refresh link
Enabling auto refresh
Multi-search management
Example
Implementation
Tokens
Eval tokens
Syntax of the eval token
Example
Implementation
Custom tokens
Example
Implementation
Null search swapper
Example
Implementation
Switcher
Link switcher
Example and implementation
Button switcher
Example and implementation
Summary
9. Advanced Dashboard Customization
Layout customization
Panel width
Example
Implementation
Grouping
Example
Single-value grouping
Visualization grouping
Implementation
Panel toggle
Example
Implementation
Image overlay
Example
What is the use of image overlay?
Where can image overlay be used?
Implementation
Custom look and feel
Example and implementation
The custom alert action
What is alerting?
Alerting
The features
Implementation
Example
Summary
10. Tweaking Splunk
Index replication
Standalone environment
Distributed environment
Replication
Searching
Failures
Indexer auto-discovery
Example
Implementation
Sourcetype manager
Field extractor
Accessing field extractor
Using field extractor
Example
Regular expression
Delimiter
Search history
Event pattern detection
Data acceleration
Need for data acceleration
Data model acceleration
Splunk buckets
Search optimizations
Time range
Search modes
Scope of searching
Search terms
Splunk health
splunkd log
Search log
Summary
11. Enterprise Integration with Splunk
The Splunk SDK
Installing the Splunk SDK
The Splunk SDK for Python
Importing the Splunk API in Python
Connecting and authenticating the Splunk server
Splunk APIs
Creating and deleting an index
Creating input
Uploading files
Saved searches
Splunk searches
Splunk with R for analytics
The setup
Using R with Splunk
Splunk with Tableau for visualization
The setup
Using Tableau with Splunk
Summary
12. What Next? Splunk 6.4
Storage optimization
Machine learning
Management and admin
Indexer and search head enhancement
Visualizations
Multi-search management
Enhanced alert actions
Summary
Bibliography
Index