Imperial Library

Index
Title Page
Copyright and Credits
Splunk 7 Essentials Third Edition
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the authors
About the reviewers
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Splunk – Getting Started
Your Splunk account
Obtaining a Splunk account
Installing Splunk on Windows
Installing Splunk on Linux
Logging in for the first time
Running a simple search
Creating a Splunk app
Populating data with Eventgen
Using the CLI to configure Eventgen
Installing the Eventgen add-on (Windows and Linux)
Controlling Splunk
Configuring Eventgen
Viewing the Destinations app
Creating your first dashboard
Summary
Bringing in Data
Splunk and big data
Streaming data
Analytical data latency
Sparseness of data
Splunk data sources
Machine data
Web logs
Data files
Social media data
Relational database data
Other data types
Creating indexes
Buckets
Log files as data input
Splunk events and fields
Extracting new fields
Summary
Search Processing Language
Anatomy of a search
Search pipeline
Time modifiers
Filtering search results
Search command – stats
Search command – top/rare
Search commands – chart and timechart
Search command – eval
Search command – rex
Summary
Reporting, Alerts, and Search Optimization
Data classification with Event Types
Data normalization with Tags
Data enrichment with Lookups
Creating and scheduling reports
Creating alerts
Search and Report acceleration
Scheduling options
Summary indexing
Summary
Dynamic Dashboarding
Creating effective dashboards
Types of dashboards
Gathering business requirements
Dynamic form-based dashboard
Creating a Status Distribution panel
Creating the Status Types Over Time panel
Creating the Hits vs Response Time panel
Arrange the dashboard
Panel options
Pie chart – Status Distribution
Stacked area chart – Status Types Over Time
Column with overlay combination chart – Hits vs Response Time
Form inputs
Creating a time range input
Creating a radio input
Creating a drop-down input
Static real-time dashboard
Single-value panels with color ranges
Creating panels by cloning
Single-value panels with trends
Real-time column charts with line overlays
Creating a choropleth map
Summary
Data Models and Pivot
Creating a data model
Adding attributes to objects
Creating child objects
Creating an attribute based on a regular expression
Data model acceleration
The Pivot editor
Creating a Pivot and a chart
Creating an area chart
Creating a pie chart
Single value with trending sparkline
Rearranging your dashboard
Summary
HTTP Event Collector
What is the HEC?
How does the HEC work?
How data flows to the HEC
Logging data
Using a token with data
Sending out the data request
Verifying the token
Indexing the data
Enabling the HEC
Generating an HEC authentication token
Seeing the HEC in action with cURL
Indexer acknowledgement
Summary
Best Practices and Advanced Queries
Indexes for testing
Searching within an index
Search within a limited time frame
Quick searches via fast mode
Using event sampling
Use the fields command to improve search performance
Advanced searches
Subsearch
Using append
Using join
Using eval and if
Using eval and match with a case function
Summary
Taking Splunk to the Organization
Common organizational use cases
IT operations
Cybersecurity
Software development and support operations
Internet of Things
Splunk architecture considerations
Splunk architecture for an organization
Search capacity
Indexing capacity and data replication
High availability for critical environments
Monitoring Console
Forwarders
Universal forwarder
Heavy forwarder
Splunk Cloud
Splunk pricing model
The Splunk community and online resources
Summary