Advanced Splunk

Book Description

Master the art of getting the maximum out of your machine data using Splunk

About This Book

  • A practical and comprehensive guide to the advanced functions of Splunk, including the new features of Splunk 6.3

  • Develop and manage your own Splunk apps for greater insight from your machine data

  • Full coverage of high-level Splunk techniques including advanced searches, manipulations, and visualization

    Who This Book Is For

    This book is for Splunk developers who want to learn advanced strategies for dealing with big data from an enterprise architecture perspective. Readers are expected to have a basic working knowledge of Splunk Enterprise.

    What You Will Learn

  • Find out how to develop and manage apps in Splunk

  • Work with important search commands to perform data analytics on uploaded data

  • Create visualizations in Splunk

  • Explore tweaking Splunk

  • Integrate Splunk with any pre-existing application to perform data crunching efficiently and in real time

  • Make your big data speak with analytics and visualizations using Splunk

  • Use SDK and Enterprise integration with tools such as R and Tableau

    In Detail

    Master the power of Splunk and learn the advanced strategies to get the most out of your machine data with this practical advanced guide. Make sense of the hidden data of your organization: the insight locked in your servers, devices, logs, traffic and clouds. Advanced Splunk shows you how.

    Dive deep into Splunk to find the most efficient solution to your data problems. Create the robust Splunk solutions you need to make informed decisions in big data machine analytics. From visualizations to enterprise integration, this well-organized, high-level guide has everything you need for Splunk mastery.

    Start with a complete overview of the new features and advantages of the latest version of Splunk and the Splunk environment. Go hands-on with uploading data, search commands for basic and advanced analytics, advanced visualization techniques, and dashboard customization. Discover how to tweak Splunk to your needs, and get complete coverage of the enterprise integration of Splunk with various analytics and visualization tools. Finally, look ahead to what the next version of Splunk will bring.

    Style and approach

    This book follows a step-by-step approach. Each chapter builds on the concepts of the previous one, and the book is full of examples and practical scenarios to help readers experiment as they read.

    Downloading the example code for this book: you can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to obtain the code files.

    Table of Contents

    1. Advanced Splunk
      1. Table of Contents
      2. Advanced Splunk
      3. Credits
      4. About the Author
      5. Acknowledgements
      6. About the Reviewer
      7. www.PacktPub.com
        1. eBooks, discount offers, and more
          1. Why subscribe?
          2. Instant updates on new Packt books
      8. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Downloading the color images of this book
          2. Errata
          3. Piracy
          4. Questions
      9. 1. What's New in Splunk 6.3?
        1. Splunk's architecture
          1. The need for parallelization
          2. Index parallelization
        2. Search parallelization
          1. Pipeline parallelization
          2. The search scheduler
          3. Summary parallelization
        3. Data integrity control
        4. Intelligent job scheduling
        5. The app key-value store
          1. System requirements
          2. Uses of the key-value store
          3. Components of the key-value store
          4. Managing key-value store collections via REST
            1. Examples
          5. Replication of the key-value store
        6. Splunk Enterprise Security
          1. Enabling HTTPS for Splunk Web
          2. Enabling HTTPS for the Splunk forwarder
          3. Securing a password with Splunk
          4. The access control list
        7. Authentication using SAML
        8. Summary
      10. 2. Developing an Application on Splunk
        1. Splunk apps and technology add-ons
          1. What is a Splunk app?
          2. What is a technology add-on?
        2. Developing a Splunk app
          1. Creating the Splunk application and technology add-on
          2. Packaging the application
          3. Installing a Splunk app via Splunk Web
          4. Installing the Splunk app manually
        3. Developing a Splunk add-on
          1. Building an add-on
          2. Installing a technology add-on
        4. Managing Splunk apps and add-ons
        5. Splunk apps from the app store
        6. Summary
      11. 3. On-boarding Data in Splunk
        1. Deep diving into various input methods and sources
          1. Data sources
            1. Structured data
            2. Web and cloud services
            3. IT operations and network security
            4. Databases
            5. Application and operating system data
          2. Data input methods
            1. Files and directories
            2. Network sources
            3. Windows data
        2. Adding data to Splunk – new interfaces
          1. HTTP Event Collector and configuration
            1. HTTP Event Collector
            2. Configuration via Splunk Web
            3. Managing the Event Collector token
          2. The JSON API format
            1. Authentication
            2. Metadata
            3. Event data
        3. Data processing
          1. Event configuration
            1. Character encoding
            2. Event line breaking
          2. Timestamp configuration
          3. Host configuration
            1. Configuring a static host value – files and directories
            2. Configuring a dynamic host value – files and directories
            3. Configuring a host value – events
        4. Managing event segmentation
        5. Improving the data input process
        6. Summary
      12. 4. Data Analytics
        1. Data and indexes
          1. Accessing data
            1. The index command
            2. The eventcount command
            3. The datamodel command
            4. The dbinspect command
            5. The crawl command
          2. Managing data
            1. The input command
            2. The delete command
            3. The clean command
            4. Summary indexing
        2. Search
          1. The search command
          2. The sendmail command
          3. The localop command
        3. Subsearch
          1. The append command
          2. The appendcols command
          3. The appendpipe command
          4. The join command
        4. Time
          1. The reltime command
          2. The localize command
        5. Fields
          1. The eval command
          2. The xmlkv command
          3. The spath command
          4. The makemv command
          5. The fillnull command
          6. The filldown command
          7. The replace command
        6. Results
          1. The fields command
          2. The searchtxn command
          3. The head / tail command
          4. The inputcsv command
          5. The outputcsv command
        7. Summary
      13. 5. Advanced Data Analytics
        1. Reports
          1. The makecontinuous command
          2. The addtotals command
          3. The xyseries command
        2. Geography and location
          1. The iplocation command
          2. The geostats command
        3. Anomalies
          1. The anomalies command
          2. The anomalousvalue command
          3. The cluster command
          4. The kmeans command
          5. The outlier command
          6. The rare command
        4. Predicting and trending
          1. The predict command
          2. The trendline command
          3. The x11 command
        5. Correlation
          1. The correlate command
          2. The associate command
          3. The diff command
          4. The contingency command
        6. Machine learning
        7. Summary
      14. 6. Visualization
        1. Prerequisites – configuration settings
        2. Tables
          1. Tables – Data overlay
          2. Tables – Sparkline
            1. Sparkline – Filling and changing color
            2. Sparkline – The max value indicator
            3. Sparkline – A bar style
          3. Tables – An icon set
        3. Single value
        4. Charts
          1. Charts – Coloring
          2. Chart overlay
          3. Bubble charts
        5. Drilldown
          1. Dynamic drilldown
            1. The x-axis or y-axis value as a token to a form
            2. Dynamic drilldown to pass a respective row's specific column value
            3. Dynamic drilldown to pass a fieldname of a clicked value
          2. Contextual drilldown
          3. The URL field value drilldown
          4. Single value drilldown
        6. Summary
      15. 7. Advanced Visualization
        1. Sunburst sequence
          1. What is a sunburst sequence?
          2. Example
          3. Implementation
        2. Geospatial visualization
          1. Example
            1. Syntax
            2. Search query
          2. Implementation
        3. Punchcard visualization
          1. Example
            1. Search query
          2. Implementation
        4. Calendar heatmap visualization
          1. Example
            1. Search query
          2. Implementation
        5. The Sankey diagram
          1. Example
          2. Implementation
        6. Parallel coordinates
          1. Example
            1. Search query
          2. Implementation
        7. The force directed graph
          1. Example
          2. Implementation
        8. Custom chart overlay
          1. Example
          2. Implementation
        9. Custom decorations
          1. Example
            1. What is the use of such custom decorations?
          2. Implementation
        10. Summary
      16. 8. Dashboard Customization
        1. Dashboard controls
          1. HTML dashboard
          2. Display controls
            1. Example and implementation
            2. Syntax
          3. Form input controls
            1. Example and implementation
          4. Panel controls
            1. Example and implementation
              1. Enabling/disabling refresh time
              2. Disabling the manual refresh link
              3. Enabling auto refresh
        2. Multi-search management
          1. Example
          2. Implementation
        3. Tokens
          1. Eval tokens
            1. Syntax of the eval token
            2. Example
            3. Implementation
          2. Custom tokens
            1. Example
            2. Implementation
        4. Null search swapper
          1. Example
          2. Implementation
        5. Switcher
          1. Link switcher
            1. Example and implementation
          2. Button switcher
            1. Example and implementation
        6. Summary
      17. 9. Advanced Dashboard Customization
        1. Layout customization
          1. Panel width
            1. Example
            2. Implementation
          2. Grouping
            1. Example
              1. Single-value grouping
              2. Visualization grouping
            2. Implementation
          3. Panel toggle
            1. Example
            2. Implementation
          4. Image overlay
            1. Example
              1. What is the use of image overlay?
              2. Where can image overlay be used?
            2. Implementation
        2. Custom look and feel
          1. Example and implementation
        3. The custom alert action
          1. What is alerting?
          2. Alerting
          3. The features
          4. Implementation
          5. Example
        4. Summary
      18. 10. Tweaking Splunk
        1. Index replication
          1. Standalone environment
          2. Distributed environment
          3. Replication
            1. Searching
            2. Failures
        2. Indexer auto-discovery
          1. Example
          2. Implementation
        3. Sourcetype manager
        4. Field extractor
          1. Accessing field extractor
          2. Using field extractor
          3. Example
            1. Regular expression
            2. Delimiter
        5. Search history
        6. Event pattern detection
        7. Data acceleration
          1. Need for data acceleration
          2. Data model acceleration
        8. Splunk buckets
        9. Search optimizations
          1. Time range
          2. Search modes
          3. Scope of searching
          4. Search terms
        10. Splunk health
          1. splunkd log
          2. Search log
        11. Summary
      19. 11. Enterprise Integration with Splunk
        1. The Splunk SDK
        2. Installing the Splunk SDK
        3. The Splunk SDK for Python
          1. Importing the Splunk API in Python
          2. Connecting and authenticating the Splunk server
          3. Splunk APIs
            1. Creating and deleting an index
            2. Creating input
            3. Uploading files
            4. Saved searches
            5. Splunk searches
        4. Splunk with R for analytics
          1. The setup
          2. Using R with Splunk
        5. Splunk with Tableau for visualization
          1. The setup
          2. Using Tableau with Splunk
        6. Summary
      20. 12. What Next? Splunk 6.4
        1. Storage optimization
        2. Machine learning
        3. Management and admin
        4. Indexer and search head enhancement
        5. Visualizations
        6. Multi-search management
        7. Enhanced alert actions
        8. Summary
      21. Index