Splunk Essentials

Book Description

Leverage the power of Splunk to efficiently analyze machine, log, web, and social media data

In Detail

Splunk is a powerful tool that is used extensively to search, monitor, and analyze any machine data.

This book is designed to introduce you quickly to the benefits of using the Splunk Enterprise system. Understanding this technology will allow you to engage with your important data and ensure that it is collected, stored, managed, reported on, and utilized well to enable you to make better business decisions. By equipping you with this knowledge, you will be better prepared to tackle data issues in the fast-paced business world of today. You will learn about various vital topics such as data collection, managing apps, creating reports, and analyzing data using Splunk. You will also be equipped with skills to help you obtain a Twitter API key for use with the Twitter app for Splunk.

What You Will Learn

  • Use Splunk to collect all types of data

  • Create reports in Splunk to help understand what your data says and develop business insights

  • Design dashboards in Splunk to present data in many useful ways on one interface

  • Set up alerts to communicate problems or issues with a system

  • Utilize the Report Builder to create values over time, top values, and rare values reports

  • Understand how to bring in and analyze live streaming data

  • Familiarize yourself with data storage in Splunk

Downloading the example code for this book

You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

Table of Contents

    1. Splunk Essentials
      1. Table of Contents
      2. Splunk Essentials
      3. Credits
      4. About the Author
      5. About the Reviewers
      6. www.PacktPub.com
        1. Support files, eBooks, discount offers, and more
          1. Why subscribe?
          2. Free access for Packt account holders
          3. Instant updates on new Packt books
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Conventions
        5. Reader feedback
        6. Customer support
          1. Errata
          2. Piracy
          3. Questions
      8. 1. Introducing Splunk
        1. How to install Splunk
          1. Splunk setup instructions
            1. Setting up Splunk for Windows
            2. Splunk for Mac
          2. Starting up Splunk
            1. The functions of Splunk
        2. Splunk and big data
          1. The three Vs
          2. Other big data descriptors
        3. Splunk data sources
        4. Understanding events, event types, and fields in Splunk
          1. Events
          2. Event types
          3. Sourcetypes
          4. Fields
        5. Getting data into Splunk
        6. Summary
      9. 2. An Introduction to Indexing and Searching
        1. Collecting data to search
        2. Indexing data with Splunk
          1. Using indexed data
            1. Viewing a list of indexes
          2. Bringing in indexed data
        3. Specifying a sourcetype
        4. What is Search Processing Language (SPL)?
          1. Using pipes when processing data with Splunk
          2. Types of SPL commands
          3. Filter commands
          4. The sort command
          5. The grouping command
          6. Reporting commands
          7. Other commands
        5. How to perform simple searches
        6. Summary
      10. 3. More on Using Search
        1. More on search
        2. Doing a count
          1. Creating a count broken down by field values
        3. Other stat functions
        4. Using the eval command
          1. Combining stats with eval
        5. Using the timechart command
        6. Visualizations
          1. Changing Format to Column Chart
            1. The top command
          2. Charting by the day of the week
          3. Putting days of the week in an alphabetical order
        7. Summary
      11. 4. Reports in Splunk
        1. Getting data ready for reporting
          1. Tagging
            1. Setting event types
          2. The field extractor
        2. The Report Builder
          1. Creating a dashboard
          2. Adding a panel with a search string
          3. Built-in search dashboards
          4. Creating a bar chart
          5. Creating a stacked bar chart
          6. Changing the placement of a legend
          7. Creating an area chart across time
          8. How to make a sparkline panel
          9. Creating a scattergram
          10. Creating a transaction
          11. Radial Gauge
          12. Creating a Marker Gauge
          13. Creating a pivot table
        3. Summary
      12. 5. Splunk Applications
        1. What are Splunk applications?
        2. How to find Splunk apps
        3. The wide range of Splunk applications
          1. Apps versus add-ons
          2. Types of apps
          3. Splunk's app environment
            1. Creating a Splunk application
          4. How to install an app
          5. How to manage apps
          6. Splunk's Twitter Application
          7. Installing Splunk's Twitter app
            1. Obtaining a Twitter account
            2. Obtaining a Twitter API Key
              1. Installing the Twitter app
        4. Summary
      13. 6. Using the Twitter App
        1. Creating a Twitter index
        2. Searching Twitter data
          1. A simple search
          2. Examining the Twitter event
          3. The implied AND
          4. The need to specify OR
          5. Finding other words used
        3. Using a lookup table
        4. The built-in General Activity dashboard
          1. The search code for the dashboard panels
            1. Top Hashtags – last 15 minutes
            2. Top Mentions – last 15 minutes
            3. Time Tweet Zones – 15 minutes
            4. Tweet Stream (First-Time Users) – last 30 seconds
        5. The built-in per-user Activity dashboard
          1. First panel – Users Tweeting about @user (Without Direct RTs or Direct Replies)
          2. Second panel – Users Replying to @user
          3. Third panel – Users Retweeting @user
          4. Fourth panel – Users Tweeting about #hashtag
        6. Creating dashboard panels with Twitter data
          1. Monitoring your hashtag
          2. Creating an alphabetical list of screen names for a hashtag
        7. Summary
      14. 7. Monitoring and Creating Alerts in Splunk
        1. Monitoring your system in Splunk
          1. Analyzing the number of system users
          2. Discovering client IP codes that have not been used on certain days
          3. Checking the IP status
        2. Looking at geographic data
          1. Using the iplocation command
          2. Using the geostats command
        3. Performing alerts in Splunk
          1. Types of alerts
          2. Setting an alert
          3. Managing alerts
          4. Another example of an alert
        4. Summary
      15. Index