Book description
A comprehensive guide to help you transform Big Data into valuable business insights with Splunk 6.2
In Detail
Splunk is analysis and reporting software for machine-generated Big Data. It captures, indexes, and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards, and visualizations. It aims to make machine data accessible across an organization for a variety of purposes.
Implementing Splunk Second Edition is a learning guide that introduces you to all the latest features and improvements of Splunk 6.2. The book starts by introducing you to various concepts such as charting, reporting, clustering, and visualization. Every chapter is dedicated to enhancing your knowledge of a specific concept, including data models and pivots, speeding up your queries, backfilling, data replication, and so on. By the end of the book, you'll have a very good understanding of Splunk and be able to perform efficient data analysis.
What You Will Learn
- Enrich your data with lookups and commands
- Transform your data into useful and beautiful reports
- Build professional-looking, informative dashboards
- Get to know what Splunk data models and pivots are
- Learn about pivot editor, pivot elements, filters, Sparklines, and more
- Manage configurations from one to thousands of instances
- Extend Splunk with scripts and advanced configuration
- Create fields from your unstructured data
- Write searches that are fast and lean
Table of contents
- Implementing Splunk Second Edition
- Table of Contents
- Implementing Splunk Second Edition
- Credits
- About the Authors
- About the Reviewers
- www.PacktPub.com
- Preface
- 1. The Splunk Interface
- 2. Understanding Search
  - Using search terms effectively
  - Boolean and grouping operators
  - Clicking to modify your search
  - Using fields to search
  - Using wildcards efficiently
  - All about time
  - Making searches faster
  - Sharing results with others
  - Search job settings
  - Saving searches for reuse
  - Creating alerts from searches
  - Summary
- 3. Tables, Charts, and Fields
  - About the pipe symbol
  - Using top to show common field values
  - Using stats to aggregate values
  - Using chart to turn data
  - Using timechart to show values over time
  - Working with fields
  - Summary
- 4. Data Models and Pivots
- 5. Simple XML Dashboards
- 6. Advanced Search Examples
- 7. Extending Search
- 8. Working with Apps
- 9. Building Advanced Dashboards
- 10. Summary Indexes and CSV Files
  - Understanding summary indexes
  - When to use a summary index
  - When not to use a summary index
  - Populating summary indexes with saved searches
  - Using summary index events in a query
  - Using sistats, sitop, and sitimechart
  - How latency affects summary queries
  - How and when to backfill summary data
  - Reducing summary index size
  - Calculating top for a large time frame
  - Using CSV files to store transient data
  - Summary
- 11. Configuring Splunk
  - Locating Splunk configuration files
  - The structure of a Splunk configuration file
  - The configuration merging logic
  - An overview of Splunk .conf files
    - props.conf
    - inputs.conf
    - transforms.conf
    - fields.conf
    - outputs.conf
    - indexes.conf
    - authorize.conf
    - savedsearches.conf
    - times.conf
    - commands.conf
    - web.conf
  - User interface resources
  - Summary
- 12. Advanced Deployments
  - Planning your installation
  - Splunk instance types
  - Common data sources
  - Sizing indexers
  - Planning redundancy
  - Working with multiple indexes
  - Deploying the Splunk binary
  - Using apps to organize configuration
  - Configuration distribution
    - Using your own deployment system
    - Using the Splunk deployment server
      - Step 1 – deciding where your deployment server will run from
      - Step 2 – defining your deploymentclient.conf configuration
      - Step 3 – defining our machine types and locations
      - Step 4 – normalizing our configurations into apps appropriately
      - Step 5 – mapping these apps to deployment clients in serverclass.conf
      - Step 6 – restarting the deployment server
      - Step 7 – installing deploymentclient.conf
  - Using LDAP for authentication
  - Using Single Sign On
  - Load balancers and Splunk
  - Multiple search heads
  - Summary
- 13. Extending Splunk
- Index
Product information
- Title: Implementing Splunk - Second Edition
- Author(s):
- Release date: July 2015
- Publisher(s): Packt Publishing
- ISBN: 9781784391607